




Personal Privacy in an
Information Society




The Report of
The Privacy Protection Study Commission 


July 1977 







The Report of the 
Privacy Protection Study Commission 


Personal Privacy in an 
Information Society 
(Stock No. 052-003-00395-3) 


Appendix 1: 
Privacy Law in the States 
(Stock No. 052-003-00421-6) 


Appendix 2: 
The Citizen as Taxpayer 
(Stock No. 052-003-00422-4) 


Appendix 3: 
Employment Records 
(Stock No. 052-003-00423-2) 


Appendix 4: 
The Privacy Act of 1974: 
An Assessment 
(Stock No. 052-003-00424-1) 


Appendix 5: 
Technology and Privacy 
(Stock No. 052-003-00425-9) 


Copies of each of these volumes may be ordered from the: 
Superintendent of Documents 
U.S. Government Printing Office 
Washington, D.C. 20402 


Stock No. 052-003-00395-3 / Catalog No. Y 3.P93/5:1/977 




PRIVACY PROTECTION STUDY COMMISSION 
2120 L Street, NW. 
Washington, D.C. 20506 


David F. Linowes, Chairman
Willis H. Ware, Vice Chairman
William O. Bailey
William B. Dickinson
Hon. Barry M. Goldwater, Jr.
Hon. Edward I. Koch
Robert J. Tennessen

Carole W. Parsons
Executive Director

Ronald L. Plesser
General Counsel

July 12, 1977

President Jimmy Carter
The White House 
Washington, D.C. 20500 


Dear Mr. President: 


I am pleased to transmit to you the Final Report of the 
Privacy Protection Study Commission. 


Created by the Privacy Act of 1974, the Commission has devoted the 
past two years to examining individual privacy rights and record-keeping 
practices in many environments. Although the private sector has been 
emphasized in our inquiry, we also attempted to assess the effectiveness 
of protections for personal privacy in the public sector, including the 
Privacy Act of 1974 as it applies to the Federal government. 


In our efforts, we have sought to examine and balance the interests 
of individuals, record-keeping institutions, and society as a whole. We 
believe that this report of findings and recommendations could serve to
strengthen this balance, while giving particular attention to the 
individual's role in controlling information about himself in a 
democratic society. If adopted, we believe these recommendations which 
are designed to safeguard a person's right to be fairly treated and to 
be spared unwarranted intrusion would buttress a vital human right of 
every American -- his right to personal privacy. 


For all of us, participation in the work of the Commission has 
been a challenging and stimulating opportunity to serve our Nation. We 
appreciate having this privilege. 


Respectfully submitted,
David F. Linowes 
Chairman 




PRIVACY PROTECTION STUDY COMMISSION 
2120 L Street, NW.
Washington, D.C. 20506

David F. Linowes, Chairman
Willis H. Ware, Vice Chairman
William O. Bailey
William B. Dickinson
Hon. Barry M. Goldwater, Jr.
Hon. Edward I. Koch
Robert J. Tennessen

Carole W. Parsons
Executive Director

Ronald L. Plesser
General Counsel

July 12, 1977

The Honorable Walter F. Mondale
President of the Senate
Room S-212
The Capitol
Washington, D.C. 20510


Dear Mr. President: 


I am pleased to transmit to you the Final Report of the Privacy 
Protection Study Commission. 


Created by the Privacy Act of 1974, the Commission has devoted the 
past two years to examining individual privacy rights and record-keeping 
practices in many environments. Although the private sector has been 
emphasized in our inquiry, we also attempted to assess the effectiveness 
of protections for personal privacy in the public sector, including the 
Privacy Act of 1974 as it applies to the Federal government. 


In our efforts, we have sought to examine and balance the interests 
of individuals, record-keeping institutions, and society as a whole. We 
believe that this report of findings and recommendations could serve to 
strengthen this balance, while giving particular attention to the 
individual's role in controlling information about himself in a 
democratic society. If adopted, we believe these recommendations which 
are designed to safeguard a person's right to be fairly treated and to 
be spared unwarranted intrusion would buttress a vital human right of 
every American--his right to personal privacy. 


For all of us, participation in the work of the Commission has
been a challenging and stimulating opportunity to serve our Nation. We
appreciate having this privilege.

Respectfully submitted,


David F. Linowes 
Chairman 







PRIVACY PROTECTION STUDY COMMISSION
2120 L Street, NW.
Washington, D.C. 20506

David F. Linowes, Chairman
Willis H. Ware, Vice Chairman
William O. Bailey
William B. Dickinson
Hon. Barry M. Goldwater, Jr.
Hon. Edward I. Koch
Robert J. Tennessen

Carole W. Parsons
Executive Director

Ronald L. Plesser
General Counsel

July 12, 1977

The Honorable Thomas P. O'Neill, Jr.
Speaker of the House of Representatives
Room H-202
The Capitol
Washington, D.C. 20515


Dear Mr. Speaker: 


I am pleased to transmit to you the Final Report of the Privacy 
Protection Study Commission. 


Created by the Privacy Act of 1974, the Commission has devoted the 
past two years to examining individual privacy rights and record-keeping 
practices in many environments. Although the private sector has been 
emphasized in our inquiry, we also attempted to assess the effectiveness 
of protections for personal privacy in the public sector, including the 
Privacy Act of 1974 as it applies to the Federal government. 


In our efforts, we have sought to examine and balance the interests 
of individuals, record-keeping institutions, and society as a whole. We 
believe that this report of findings and recommendations could serve to 
strengthen this balance, while giving particular attention to the 
individual's role in controlling information about himself in a 
democratic society. If adopted, we believe these recommendations which 
are designed to safeguard a person's right to be fairly treated and to 
be spared unwarranted intrusion would buttress a vital human right of 
every American--his right to personal privacy.


For all of us, participation in the work of the Commission has
been a challenging and stimulating opportunity to serve our Nation. We
appreciate having this privilege.

Respectfully submitted,

David F. Linowes
Chairman







PRIVACY PROTECTION STUDY 
COMMISSION 


Chairman 


David F. Linowes 
Certified Public Accountant, New York City, and 
Boeschenstein Professor of Political Economy 
and Public Policy, University of Illinois 


Vice Chairman 


Dr. Willis H. Ware 
The Rand Corporation 
Santa Monica, California 


William O. Bailey, President 
Aetna Life & Casualty Company 
Hartford, Connecticut 


William B. Dickinson 
Retired Executive Editor, 
Philadelphia Evening Bulletin 
Philadelphia, Pennsylvania 


Congressman Barry M. Goldwater, Jr. of California 
Washington, D. C. 


Congressman Edward I. Koch of New York 
Washington, D. C. 


State Senator Robert J. Tennessen, Attorney
Grose, Von Holtum, Von Holtum, Sieben & Schmidt
Minneapolis, Minnesota




PRIVACY PROTECTION STUDY 
COMMISSION — STAFF 


Carole W. Parsons 
Executive Director 


Ronald L. Plesser 
General Counsel 


Louis D. Higgs 
Deputy Executive Director and Director of Research 


Office of the Executive Director 


Susan J. Bennett, Special Assistant 

Arthur A. Bushkin, Staff Technical Advisor 

Commander Walter E. Conner,1 Administrative Officer

Pamela S. Ellsworth, Administrative Assistant” 

Mark F. Ferber, Special Consultant to the Executive Director 

Christopher E. Heller, Senior Research Associate 

Justine V. R. Milliken, Assistant to the Chairman 

James F. Sasser,? Administrative Officer (September 1975 to February 1977) 
Alan F. Westin, Special Consultant to the Commission 


Office of the General Counsel 


Christopher J. Vizas, II, Special Staff Counsel 

John A. Turner, Jr., Assistant General Counsel 
Stephen C. Nichols, Assistant to the General Counsel 
Shirley A. Lewi, Administrative Assistant 


Office of Public Information 


Mark F. Ferber, Director 
John F. Barker, Director (September 1975 to April 1977) 
Eleanor B. High, Assistant 


Project Management 


Lois Alexander,? Research and Statistics 

Susan J. Bennett, Public Assistance, IRS, Social Security Number 

Arthur A. Bushkin, Privacy Act Assessment, Technology Assessment 

William H. Foskett, Education 

Christopher E. Heller, Credit, Credit-Reporting, and Depository Institutions

Joan Holloway,4 Medical Records

David M. Klaus, Investigative Agencies

Christopher J. Vizas, II, Government Access

Jane H. Yurow, Employment and Personnel


1 On detail from the Department of Defense.

2 On detail from the Department of Health, Education, and Welfare (DHEW).

3 On detail from the Social Security Administration, DHEW.

4 On detail from the Division of Hospitals and Clinics, U.S. Public Health Service.




Professional Staff and Consultants 


Arthur J. Altenberg Daniel H. Lufkin 
Donald Bartlett Kenneth E. Mannella 
Joan Berry Ruth Matthews 
Timothy B. Braithwaite® Justine V. R. Milliken 
Joe S. Cecil Hubert A. Mitchell 
Nancy H. Chasen William B. McMahon 
Claire Dalton Margaret A. Neel 
Warren O. Davis® David Nierenberg 
Priscilla DeGasparis G. Russell Pipe 
Major William R. Elliott, Jr.5 Bruce Ransome 
David Galbraith Ira Reed 
Timothy Gay James B. Rule 
Charles Grezlak Francis M. Rush, Jr.> 
Charles Gustafson Cynthia E. Schaffhausen 
Claudia R. Higgins Arden Schell 
Florence B. Isbell Harold D. Skipper 
Mary Kay Kane Joyce R. Starr 
William R. Klamon J. Michael Taylor? 
Charles R. Knerr Patricia Tucker 
John Langton, III Rein Turn 
Donald Letourneau Philip Vargas 
Abe Levin Alease M. Vaughn 
Michael Liethan Fred W. Weingarten® 

Administrative Staff

Phyllis R. Anderson Jeanne L. Holmberg 
A. Kristen Austin Fran Hoyle 
Zemphria Raymond Baskin Susan Kaslow 
Mary K. Chin Alan C. Luckett 
Alice Cumberland Nancy Mathes 
Louise Goldstein Nina A. Mohay 
Debbie J. Graham Joanne Robinson 
Emily Hanis Mary Scott 


Lori J. Haselhorst 


Research Assistants

Phyllis R. Anderson Catherine J. Rodgers 
Zemphria Raymond Baskin Adrienne Taylor 
Laura Bonn Roger S. Tilton 
Vernease Herron Helene Toiv 
Brenda Reddix Michael S. Turchin 


5 On detail from the Department of Defense. 
6 On detail from the Bureau of the Census. 
7 On detail from the Department of Labor. 
8 On detail from the National Science Foundation. 




Contents

Preface

Chapter
1 Introduction
2 The Consumer-Credit Relationship
3 The Depository Relationship
4 Mailing Lists
5 The Insurance Relationship
6 The Employment Relationship
7 Record Keeping in the Medical-Care Relationship
8 Investigative-Reporting Agencies
9 Government Access to Personal Records and “Private Papers”
10 Record Keeping in the Education Relationship
11 The Citizen as Beneficiary of Government Assistance
12 The State Role in Privacy Protection
13 The Relationship Between Citizen and Government: The Privacy Act of 1974
14 The Relationship Between Citizen and Government: The Citizen as Taxpayer
15 The Relationship Between Citizen and Government: The Citizen as Participant in Research and Statistical Studies
16 The Social Security Number

Epilogue
Appendix: Hearings of the Privacy Protection Study Commission
Index







Preface 


Issues of public policy rarely, if ever, emerge on the political scene 
fully developed and fully articulated. Rather, they result from gradual 
changes in the social and economic environment, which are then identified 
and intensively debated. This has been the pattern with the subject of this 
report. The relationships between individuals and various record-keeping 
organizations have been developing over a long period of time. An analysis 
of these relationships and their consequences for personal privacy lies at the
heart of the findings and recommendations in this report. 

In seeking to address the privacy issue as it emerges in a variety of 
settings, the Commission has constantly sought to examine the balance 
between the legitimate, sometimes competing, interests of the individual, the 
record-keeping organization, and society in general. Each of these interests 
has been weighed carefully, and, the Commission believes, given fair and 
forthright treatment. 

While broad principles did emerge as our investigations proceeded, for 
our report we decided not to center our recommendations on an omnibus 
approach. We concentrated, instead, on recommendations for the specific 
record-keeping relationships that characterize each of the areas we studied. 
It was clear to the Commission that historic development and current 
realities required each area to be dealt with separately. 

The Commission’s work, we hope, will contribute to a growing public 
awareness and increased dialogue about the various dimensions of personal 
privacy. To the extent that some awareness and dialogue have occurred 
already as the result of our extensive hearings schedule, we are pleased. 

The Privacy Protection Study Commission was directed by the
Congress to make a “study of the data banks, automatic data processing
programs, and information systems of governmental, regional, and private
organizations, in order to determine the standards and procedures in force
for the protection of personal information.” On the basis of this study the
Commission was also asked to recommend to the President and the
Congress the extent, if any, to which the principles and requirements of the
Privacy Act of 1974 should be applied to organizations other than agencies
of the Federal Executive branch and to make such other legislative
recommendations as the Commission deems necessary to protect the
privacy of individuals while meeting the legitimate needs of government and
society for information. This report is the Commission’s response to that
mandate.


Our general mandate was supplemented with some specific instructions.
We were directed to report to the President and to the Congress on:

• whether a person engaged in interstate commerce who maintains a
mailing list should be required to remove the name and address of
any individual who does not want to be on it;

• whether the Internal Revenue Service should be prohibited from
transferring individually identifiable data to other Federal agencies
and to agencies of State governments;

• whether an individual who has been harmed as a consequence of a
willful or intentional violation of the Privacy Act of 1974 should be
able to sue the Federal government for general damages;

• whether—and, if yes, in what way—the standards for security and
confidentiality of records that the Privacy Act requires Federal
agencies to adopt should be applied when a record is disclosed to a
person other than an agency; and

• whether, and to what extent, governmental and private information
systems affect Federal-State relations and the principle of
separation of powers.


The first two areas are treated in Chapters 4 and 14, respectively. The
question of whether the Privacy Act standard of damages should be
expanded to general damages is set forth in Chapter 13. That chapter also
discusses the issue of extending the standards for security and confidentiality.

On the complex question of Federal-State relations and the separation
of powers, the Commission recognizes that these Constitutional principles
are also the basis on which all of our recommendations had to be made.
Chapter 12 addresses this subject. It should be noted that each of the
recommendations in the other chapters is also framed within our
perception of their Constitutional implications. Thus, while many of the 
recommendations call for Federal action, others are specifically directed to 
policy makers at the State and local levels of government. 

Throughout the two years it has been at work, the Commission has 
made every effort to assure maximum participation by those most likely to 
be affected by our recommendations. Sixty days of hearings and meetings
were held, during which over 300 witnesses testified. After the initial
adoption of particular recommendations, they were released for public
comment. The observations we received were taken into account in making
our final recommendations.

In its Privacy Act evaluation, the Commission had extensive communications
with Federal agencies and held discussion workshops with them.
Also, together with the Domestic Council’s Committee on the Right of 
Privacy, we conducted a conference in which many officials from a number 
of States came together to discuss the application of the principles and 
requirements of the Privacy Act of 1974 to State and local governments. 

Countless individuals and organizations from the public and private
sectors gave generously of their time in order to assist us in our efforts. Space
does not permit an individual listing of each of them, but the report is 
liberally sprinkled with references to many of those to whom we owe our 
appreciation. I would be remiss, however, if I did not offer special thanks to 
Messrs. Thomas S. McFee, John P. Fanning, and Edward Gleiman of the
Department of Health, Education, and Welfare; and to Mr. William T. 
Cavaney of the Department of Defense. In addition to arranging for several 
individuals of outstanding quality and dedication to be available to the 
Commission for periods of time, they also continually evidenced keen 
interest and encouragement for the Commission’s work. We are also in debt 
to the Chairmen, Members, and staffs of the Senate and House Government 
Operations Committees who continually supported the Commission in 
matters concerning its tenure and funding. 

No work of this scope could have been completed without the 
wholehearted day-to-day cooperation of many people. To each of the 
Commissioners, I extend my deep gratitude for his constant dedication to 
the demanding schedule of hearings and meetings. Each diligently applied 
his particular professional expertise to the frequent, and often lengthy, 
sessions on the varied subject areas we covered. 

Our staff performed with unusual devotion in what proved to be a 
most intensive and difficult effort. Their labor was marked by ongoing, 
exhaustive searches for all sides of the issues the Commission examined. My 
sincere appreciation to each of them. 


David F. Linowes 
Chairman 




Chapter 1 


Introduction 


This report is about records and people. It looks toward a national 
policy to guide the way public and private organizations treat the records 
they keep about individuals. Its findings reflect the fact that in American 
society today records mediate relationships between individuals and 
organizations and thus affect an individual more easily, more broadly, and 
often more unfairly than was possible in the past. This is true in spite of 
almost a decade of effort to frame the objectives of a national policy to 
protect personal privacy in an information-dependent society. It will remain 
true unless steps are taken soon to strike a proper balance between the 
individual’s personal privacy interests and society’s information needs. In 
this report, the Privacy Protection Study Commission identifies the steps 
necessary to strike that balance and presents the Commission’s specific 
recommendations for achieving it. This introductory chapter briefly 
describes the problem and focuses and defines the objectives of a national 
policy. It also weighs major competing values and interests and explains 
how the Commission believes its policy recommendations should be 
implemented. 


RECORD KEEPING AND PERSONAL PRIVACY 


One need only glance at the dramatic changes in our country during 
the last hundred years to understand why the relationship between 
organizational record keeping and personal privacy has become an issue in 
almost all modern societies. The records of a hundred years ago tell little 
about the average American, except when he died, perhaps when and where 
he was born, and if he owned land, how he got his title to it. Three quarters 
of the adult population worked for themselves on farms or in small towns. 
Attendance at the village schoolhouse was not compulsory and only a tiny 
fraction pursued formal education beyond it. No national military service 
was required, and few programs brought individuals into contact with the 
Federal government. Local governments, to be sure, made decisions about
individuals, but these mainly had to do with taxation, business promotion 
and regulation, prevention and prosecution of crime, and in some instances, 
public relief for the poor or the insane. 

Record keeping about individuals was correspondingly limited and 
local in nature. The most complete record was probably kept by churches, 
who recorded births, baptisms, marriages, and deaths. Town officials and
county courts kept records of similar activities. Merchants and bankers
maintained financial accounts for their customers, and when they extended 
credit, it was on the basis of personal knowledge of the borrower's 
circumstances. Few individuals had insurance of any kind, and a patient’s 
medical record very likely existed only in the doctor’s memory. Records 
about individuals rarely circulated beyond the place they were made. 

The past hundred years, and particularly the last three decades, have 
changed all that. Three out of four Americans now live in cities or their 
surrounding suburbs, only one in ten of the individuals in the workforce 
today is self-employed, and education is compulsory for every child. The 
yeoman farmer and small-town merchant have given way to the skilled 
workers and white-collar employees who manage and staff the organizations,
both public and private, that keep society functioning.

In addition, most Americans now do at least some of their buying on 
credit, and most have some form of life, health, property, or liability 
insurance. Institutionalized medical care is almost universally available. 
Government social services programs now reach deep into the population 
along with government licensing of occupations and professions, Federal 
taxation of individuals, and government regulation of business and labor 
union affairs. Today, government regulates and supports large areas of 
economic and social life through some of the nation’s largest bureaucratic 
organizations, many of which deal directly with individuals. In fact, many of 
the private-sector record-keeping relationships discussed in this report are to 
varying degrees replicated in programs administered or funded by Federal 
agencies. 

A significant consequence of this marked change in the variety and 
concentration of institutional relationships with individuals is that record 
keeping about individuals now covers almost everyone and influences 
everyone’s life, from the business executive applying for a personal loan to 
the school teacher applying for a national credit card, from the riveter 
seeking check-guarantee privileges from the local bank to the young married 
couple trying to finance furniture for its first home. All will have their 
creditworthiness evaluated on the basis of recorded information in the files 
of one or more organizations. So also with insurance, medical care, 
employment, education, and social services. Each of those relationships 
requires the individual to divulge information about himself, and usually 
leads to some evaluation of him based on information about him that some 
other record keeper has compiled. 

The substitution of records for face-to-face contact in these relationships
is what makes the situation today dramatically different from the way
it was even as recently as 30 years ago. It is now commonplace for an 
individual to be asked to divulge information about himself for use by 
unseen strangers who make decisions about him that directly affect his 
everyday life. Furthermore, because so many of the services offered by 
organizations are, or have come to be considered, necessities, an individual 
has little choice but to submit to whatever demands for information about 
him an organization may make. Organizations must have some substitute 
for personal evaluation in order to distinguish between one individual and
the next in the endless stream of otherwise anonymous individuals they deal
with, and most organizations have come to rely on records as that substitute. 

It is important to note, moreover, that organizations increasingly 
desire information that will facilitate fine-grained decisions about individuals.
A credit-card issuer wants to avoid people who do not pay their bills, but
it also strives to identify slow payers and well intentioned people who could
easily get into debt beyond their ability to repay. Insurance companies seek
to avoid people whose reputation or life style suggests that they may have
more than the average number of accidents or other types of losses.
Employers look for job applicants who give promise of being healthy,
productive members of a work force. Social services agencies must sort
individuals according to legally established eligibility criteria, but also try to 
see that people in need take advantage of all the services available to them. 
Schools try to take “the whole child” into account in making decisions about 
his progress, and government authorities make increasingly detailed 
evaluations of an individual’s tax liability. 

Each individual plays a dual role in this connection—as an object of 
information gathering and as a consumer of the benefits and services that 
depend on it. Public opinion data suggest that most Americans treasure their 
personal privacy, both in the abstract and in their own daily lives, but 
individuals are clearly also willing to give information about themselves, or 
allow others to do so, when they can see a concrete benefit to be gained by it. 
Most of us are pleased to have the conveniences that fine-grained,
record-based decisions about us make possible. It is the rare individual who will
forego having a credit card because he knows that if he has one, details 
about his use of it will accumulate in the card issuer’s files. 

Often one also hears people assert that nobody minds organizational 
record-keeping practices “if you have nothing to hide,” and many 
apparently like to think of themselves as having nothing to hide, not 
realizing that whether an individual does or not can be a matter of opinion. 
We live, inescapably, in an “information society,” and few of us have the 
option of avoiding relationships with record-keeping organizations. To do so 
is to forego not only credit but also insurance, employment, medical care, 
education, and all forms of government services to individuals. This being 
so, each individual has, or should have, a concern that the records 
organizations make and keep about him do not lead to unfair decisions 
about him. 

In a larger context, Americans must also be concerned about the long- 
term effect record-keeping practices can have not only on relationships 
between individuals and organizations, but also on the balance of power 
between government and the rest of society. Accumulations of information 
about individuals tend to enhance authority by making it easier for 
authority to reach individuals directly. Thus, growth in society’s
record-keeping capability poses the risk that existing power balances will be upset.
Recent events illustrate how easily this can happen, and also how difficult it 
can be to preserve such balances once they are seriously threatened. 

This report concentrates on the delicate balance between various types 
of organizations’ need for information about individuals and each
individual’s desire to be secure and fairly treated. It also recognizes, however, that
government’s expanding role as regulator and distributor of largess gives it 
new ways to intrude, creating new privacy protection problems. By opening 
more avenues for collecting information and more decision-making forums 
in which it can employ that information, government has enormously 
broadened its opportunities both to help and to embarrass, harass, and 
injure the individual. These new avenues and needs for collecting information,
particularly when coupled with modern information technology,
multiply the dangers of official abuse against which the Constitution seeks 
to protect. Recent history reminds us that these are real, not mythical, 
dangers and that while our efforts to protect ourselves against them must 
ultimately be fashioned into law, the choices they require are not mere legal 
choices; they are social and political value choices of the most basic kind. 


THE FRAMEWORK FOR A NATIONAL POLICY 


The imbalance in the relationship between individuals and
record-keeping institutions today is pointedly illustrated by the experiences of
Catherine Tarver, a “welfare mother” from the State of Washington, and 
Mitchell Miller, a businessman from Kathleen, Georgia. 

In the late 1960’s Mrs. Tarver became ill and was hospitalized. The 
Juvenile Court, after reviewing a report by her caseworker which contained 
“assertedly derogatory contents,” including an allegation of child neglect, 
placed her children temporarily in the custody of the Department of Public 
Assistance. A few months later, the Juvenile Court, after another hearing, 
exonerated Mrs. Tarver and returned her children to her, but the 
caseworker’s report remained in her file at the Department of Public 
Assistance. 

Although Mrs. Tarver had her children back and was no longer on the 
welfare rolls, she still wanted to have the caseworker’s report removed from 
her file on the grounds that it was false, misleading, and prejudicial and 
would be available to other State social services agencies with whom she 
might subsequently have contact. When she asked for a fair hearing! to 
challenge the report, the Public Assistance Department rejected her request 
because the grievance was not directly related to eligibility for public 
assistance. She sued in a State court but lost, the court agreeing with the 
welfare agency that the fair hearing procedure was not meant to deal with 
collateral problems. The U.S. Supreme Court refused to review her case and 
the caseworker’s report remained in her file. 

1 For a discussion of the fair hearing procedures, see Chapter 11. 

Mitchell Miller’s difficulties began on December 18, 1972, when a 
deputy sheriff from Houston County, Georgia, stopped a Pepsico truck 
purportedly owned by Miller and found it was transporting 150 five-gallon 
plastic jugs, two 100-pound bags of wheat shorts, cylinders of bottled gas, 
and a shotgun condenser. Less than a month later, while fighting a 
warehouse fire, the sheriff and fire department officials found a 7,500 gallon 
distillery and 175 gallons of untaxed whiskey. An agent from the U.S. 
Treasury Department’s Bureau of Alcohol, Tobacco and Firearms suspected 
Miller of direct involvement in both events and two weeks later presented 
grand jury subpoenas to the two banks where Miller maintained accounts. 
Without notifying Miller, copies of his checks and bank statements were 
either shown or given to the Treasury agents as soon as they presented the 
subpoenas. The subpoenas did not require immediate disclosure, but the 
bank officers nonetheless responded at once. 

After he had been indicted, Miller attempted to persuade the court 
that the grand jury subpoenas used by the Treasury Department were 
invalid and, thus, the evidence obtained with them could not be used against 
him. He pointed out that the subpoenas had not been issued by the grand 
jury itself, and further, that they were returnable on a day when the grand 
jury was not in session. Finally, Miller argued that the Bank Secrecy Act’s 
requirement that banks maintain microfilm copies of checks for two years² 
was an unconstitutional invasion of his Fourth Amendment rights. The trial 
court rejected Miller’s arguments and he appealed. 

The Fifth Circuit Court of Appeals also rejected Miller’s claim that the 
Bank Secrecy Act was unconstitutional, an issue that had already been 
resolved by the U.S. Supreme Court in 1974.³ The Court of Appeals agreed, 
however, that Miller’s rights, as well as the bank’s, were threatened and that 
he should be accorded the right to legal process to challenge the validity of 
the grand jury subpoenas. The Court of Appeals saw Miller’s interest in the 
bank’s records as deriving from the Fourth Amendment protection against 
unreasonable searches and seizures which protected him against “compulso- 
ry production of a man’s private papers to establish a criminal charge 
against him.” 

On April 21, 1976, a fateful day for personal privacy, the U.S. Supreme 
Court decided that Mitchell Miller had no legitimate “expectation of 
privacy” in his bank records and thus no protectible interest for the Court to 
consider. The Court reasoned that because checks are an independent 
record of an individual’s participation in the flow of commerce, they cannot 
be considered confidential communications. The account record, moreover, 
is the property of the bank, not of the individual account holder. Thus, 
according to the Court, Miller’s expectation of privacy was neither 
legitimate, warranted, nor enforceable. 

The Tarver and Miller decisions⁴ are the law of the land, and the 
Commission takes no issue with their legal correctness. Viewed from one 
perspective, these cases are very narrow and affect only a minute percentage 
of the population. Tarver might be seen as simply refusing an additional 
request from a welfare mother who had received the benefits she was 
entitled to under a program; Miller as a decision affecting only the technical 
procedural rights of a criminal defendant. Perhaps these two cases are not 
very compelling, but the Commission singles them out because each starkly 
underscores an individual’s present defenselessness with respect to records 
maintained about him. Who is there to raise such issues if not people in 
trouble? They are the ones who reach for and test the limits of existing legal 
protections, and if the protections are not there for them, they will not be 
there for anyone. 

2 Bank Secrecy Act, 12 U.S.C. 1829b, 1953; 12 C.F.R. §103.36. 
3 California Bankers Association v. Schultz, 416 U.S. 21 (1975). 
4 State ex rel. Tarver v. Smith 78 Wash. 2d 152, 470 P.2d 172, cert. denied, 402 U.S. 1001 
(1971); United States v. Miller, 425 U.S. 435 (1976). 

In both cases, institutional policies and the legal system failed 
individuals in their efforts to limit the impact of records on their lives. The 
Tarver case warns that one may be able to do nothing about a damaging 
record, not even if it is false, until some adverse action is taken on the basis 
of it; that one has no way to prevent the damage such an action can do. The 
Miller decision goes even further, making records the property solely of the 
record keeper, so that the individual cannot assert any interest in them, 
although his interest would be assertible if he himself held the same records. 
Even worse, it warns that not only a “revenuer” but anyone, public or 
private, can gain access to an individual’s bank records if the bank agrees to 
disclose them. 

Each case illustrates systemic flaws in the existing means available to 
any individual who tries to protect himself against the untoward conse- 
quences of organizational record keeping. Together they strongly suggest 
that if Americans still value personal privacy, they must make certain 
changes in the way records about individuals are made, used, and disclosed. 

Since so much of an individual's life is now shaped by his relationships 
with organizations, his interest in the records organizations keep about him 
is obvious and compelling. The above cases and the rest of this report show 
how poorly that interest is protected. If it is to be protected, public policy 
must focus on five systemic features of personal-data record keeping in 
America today. 


First, while an organization makes and keeps records about individu- 
als to facilitate relationships with them, it also makes and keeps 
records about individuals for other purposes, such as documenting the 
record-keeping organization’s own actions and making it possible for 
other organizations—government agencies, for example—to monitor 
the actions of individuals. 


Second, there is an accelerating trend, most obvious in the credit and 
financial areas, toward the accumulation in records of more and more 
personal details about an individual. 


Third, more and more records about an individual are collected, 
maintained, and disclosed by organizations with which the individual 
has no direct relationship but whose records help to shape his life. 


Fourth, most record-keeping organizations consult the records of 
other organizations to verify the information they obtain from an 
individual and thus pay as much or more attention to what other 
organizations report about him than they pay to what he reports about 
himself; and 


Fifth, neither law nor technology now gives an individual the tools he 
needs to protect his legitimate interests in the records organizations 
keep about him. 




The topical chapters that follow document the importance of these five 
systemic characteristics of personal-data record keeping in America today 
and present the Commission’s recommended approach to solving the 
problems they create. The Commission believes that by focusing on these 
five characteristics constructive solutions to most of the record-related 
privacy protection problems that confront American society today and in 
the foreseeable future can be found. 

The first characteristic—the fact that an organization may use its 
records about individuals in accounting for its operations to other centers of 
power and authority in society—has important implications for any policy 
of record-keeping regulation. It prompts caution in considering prohibitions 
on the collection of items of information from or about individuals, but at 
the same time draws attention to the need for special safeguards when 
requiring an organization to record any information about an individual 
that it does not need to facilitate its own relationship with him. 

The second systemic characteristic—the accumulation in records of 
more and more personal details—is clearly visible in some of an individual’s 
credit and financial relationships. It will become even more apparent as 
electronic funds transfer systems mature. This accumulation, moreover, is 
not the result of more and more people being asked more and more 
questions, but rather reflects the need and capacity of a particular type of 
record-keeping organization to monitor and control transactions with its 
individual customers. As the Commission points out in Chapter 3, it is now 
perilously easy for such a build-up, however innocently practical the 
purpose, to crystallize into a personal profile of an individual. The 
possession of such profiles invites the use of them for marketing, research, 
and law enforcement, and, in an electronic funds transfer environment, 
could provide a way of tracking an individual’s current movements. The 
dramatic shift in the balance of power between government and the rest of 
society that such a development could portend has persuaded the Commis- 
sion of the compelling need to single it out for special public-policy attention 
and action. 

The third systemic characteristic—the attenuation of an individual's 
relationships with record-keeping organizations when information generat- 
ed in a direct relationship is recorded in the files of other organizations that 
have no direct relationship with him—lies at the core of the recommenda- 
tions in this report. The Commission finds that most organizations that keep 
records about individuals fall into one of three categories: (1) the primary 
record keeper (such as a credit grantor, insurer, or social services agency) 
that has a direct relationship with the individual; (2) support organizations 
whose sole sources of information are the primary record keepers they serve; 
and (3) support organizations (usually of an investigative character) that 
have independent sources of information. While this typology does not fit all 
cases—credit bureaus, for example, supplement the information they receive 
from credit grantors with information they search out from public records— 
it can serve as a guide in apportioning responsibilities among record-keeping 
institutions. 

The fourth characteristic—that a primary record keeper normally 
verifies the information about himself an individual provides it, and tends to 
lean as much or more on the verification information it gets from other 
organizations than on what the individual divulges about himself—gives rise 
to some of the most difficult privacy protection issues. As records 
progressively displace face-to-face acquaintance, individuals are more and 
more driven to permit information in records about them to be disclosed as 
a condition of receiving services and benefits. For example, an individual 
who wants a credit card usually cannot have one unless he is willing to 
permit information about his credit usage to be disclosed regularly to credit 
bureaus, and through them to other credit grantors. An individual who 
applies for life insurance must agree to allow medical information about him 
to be disclosed to the Medical Information Bureau, and through the Bureau 
to later inquiring life and health insurers. An individual must now allow 
information to be disclosed from his medical records for a growing number 
of purposes even though the medical-care relationship requires him to 
divulge the most intimate details of his life and undergo the most intimate 
observation. 

The sharing of information among record-keeping organizations also 
transmits the stigma that goes with some kinds of information. One’s own 
physician, for example, may heartily approve of taking a minor or 
temporary problem to a psychiatrist, but the potential consequences of 
disclosing the mere fact that one has had psychiatric treatment are too well 
known to need description. Equally serious for some individuals are the 
consequences of disclosing arrest records, military discharge codes, and 
previous adverse insurance decisions, and the simple fact that a number of 
credit grantors asked for credit reports on a particular individual during a 
short span of time can adversely affect an evaluation of his credit 
worthiness. Such problems stem in part from the tendency of organizations 
to accept at face value information they get about individuals from other 
organizations. Questions are seldom asked about the social or bureaucratic 
processes by which the information came to be in the other organization's 
records, so that unwarranted assumptions can easily be made about its 
value. For the individual, of course, such an unwarranted assumption can 
start a progression of fortuitous events that may permanently deprive him of 
opportunities he deserves, or make it impossible for him to escape a 
particular line of inquiry whenever he seeks to establish a relationship with 
another organization. 

The fifth and last characteristic—that neither law nor technology gives 
an individual the tools he needs to protect himself from the undeserved 
difficulties a record can create for him—may also leave him helpless to stop 
damage once it has started. Current law is neither strong enough nor specific 
enough to solve the problems that now exist. In some cases, changes in 
record-keeping practice have already made even recent legal protections 
obsolete. As record-keeping systems come to be used to preclude action by 
the individual, a recent trend in the credit and financial areas, it is important 
that the individual also be given preventive protections to supplement the 
after-the-fact protections he sometimes has today. The fact that Fair Credit 
Reporting Act procedures will enable him to get errors in the record 
corrected can be small and bitter comfort to a traveler stranded in a strange 
city late at night because information about his credit-card account status 
was inaccurately reported to an independent authorization service. He 
would undoubtedly prefer a procedure that would enable him to get an error 
corrected before it entered into an adverse decision about him, and so would 
most everyone if he stopped and thought about it. 

The Commission also found numerous examples of situations in which 
decisions or judgments made on the basis of a record about an individual 
can matter to the individual very much but in which he has no substantive or 
procedural protection at all. The law as it now stands simply ignores the 
strong interest many people have in records about them—applicants to 
graduate and professional schools, people being considered for jobs or 
promotions for which they have not formally applied, patients whose 
records are subpoenaed as evidence in court cases that do not involve them 
directly, proprietors of small businesses who are the subjects of commercial- 
credit investigations, and individuals who are the subjects of Federal agency 
records the agency retrieves and uses by reference to some characteristic of 
the individual other than his name or an assigned identifying particular. 

Paralleling the categories of individuals without protection under 
current law, there are categories of records that are subject to existing legal 
requirements if they are created by one particular type of organization, but 
not if they are created by any other type of organization, although the record 
and its purpose may be the same in all cases. For example, an investigative 
report is subject to restrictions if it was prepared by an investigative agency, 
but not if it was prepared by an insurance company or employer. 

The Commission also found that whether a record is subject to existing 
law can depend on the technique by which it is generated or retrieved. For 
example, how does the Equal Credit Opportunity Act, a law drawn on the 
assumption that credit decisions turn on one or two particular items of 
information about the applicant, apply when a credit grantor uses “point 
scoring,” a new method of evaluating credit applicants which submerges all 
the particular items of information about the applicant into one overall 
score? 

The prescreening of mailing lists⁵ is another record-keeping technique 
that muddies the assumptions underlying existing legal protections. If a 
mailing list is to be used by a credit grantor to solicit new customers but is 
first run through an automated credit bureau where an individual’s name is 
deleted from the list because his credit bureau records are in error as to the 
promptness with which he pays his bills, has he been subjected to an adverse 
credit decision? The law is currently unclear. 

The role that technique can play in determining whether a particular 
type of record or record-keeping operation is or is not within the scope of 
existing legal protections is comparatively new. It arises in the main from 
automation, which multiplies the uses that can be made of a record about an 
individual, and will grow in importance as new record-keeping applications 
of computer and telecommunications technology are developed. Computers 
and telecommunications serve the interests of institutions and can be best 
appreciated as extensions of those interests, as subsequent chapters suggest. 
The failure to recognize that relationship has deflected attention from the 
essential policy choices the new technologies offer. Nonetheless, without the 
new technologies, certain record-keeping practices and the organizational 
activities they support would not be possible. 

5 See Chapter 4. 

The broad availability and low cost of computer and telecommunica- 
tions technologies provides both the impetus and the means to perform new 
record-keeping functions. These functions can bring the individual substan- 
tial benefits, but there are also disadvantages for the individual. On one 
hand, they can give him easier access to services that make his life more 
comfortable or convenient. On the other, they also tempt others to demand, 
and make it easier for them to get access to, information about him for 
purposes he does not expect and would not agree to if he were asked. 

It is also quite evident that record-keeping organizations exploiting 
these new technologies to facilitate their own operations now pay little heed 
to the ways they could use the same technologies to facilitate exercise of the 
individual’s rights and prerogatives in records used to make important 
decisions about him. It is ironic but true that in a society as dependent as 
ours on computer and telecommunications technology, an individual may 
still have to make a personal visit to a credit bureau if he wants access to the 
information the bureau maintains about him, or to get an erroneous record 
corrected. Although an error in a record can now be propagated all over the 
country at the speed of light, many organizations have made no provision to 
propagate corrections through the same channels, and existing law seldom 
requires them to do so. As a general proposition, system designers by and 
large have not fully used their knowledge and capabilities to make record- 
keeping systems serve individual as well as organizational needs and 
interests. 

This is not to lay the blame on system designers, who are people doing 
what they are asked to do by the record-keeping organizations that support 
or pay for their services. The fault lies in the lack of strong incentives for the 
organization to ask them to do what they know how to do in the individual’s 
interest. One reason for the way systems are designed and have been 
operated in the past has been their high cost. Instead of costing more, 
however, increased technological capability is now costing less and less, 
making it easier than ever for record-keeping organizations to take account 
of the individual’s interests as well as their own, if they have incentives to do 
so. 

One of the most striking of the Commission’s several findings with 
respect to the current state of record-keeping law and practice is how 
difficult it can be for an individual even to find out how records about him 
are developed and used. What makes the difficulty the more serious is that 
the limited rights he now has depend in the main on his taking the initiative 
to exercise them. The list of records kept about an individual of which he is 
not likely to be aware seems endless. Even when he knows a record is being 
compiled, he often does not know what his rights with respect to it are, much 
less how to exercise them effectively, nor is he likely to be aware at the time 
he enters a record-keeping relationship of the importance of finding out. 

In most cases, the individual can only guess at what types of 
information or records will be marshaled by those making any particular 
decision about him; furthermore, the specific sources are likely to be 
concealed from him. The situation makes it all but impossible for him to 
identify errors, or if he does, to trace them to their source. It also makes it 
impossible for him to know whether organizations with which he believes he 
has a confidential relationship have disclosed records about him to others 
without his knowledge or consent. 


THE OBJECTIVES OF A NATIONAL POLICY 


Every member of a modern society acts out the major events and 
transitions of his life with organizations as attentive partners. Each of his 
countless transactions with them leaves its mark in the records they 
maintain about him. The uniqueness of this record-generating pressure 
cannot be overemphasized. Never before the Twentieth Century have 
organizations tried or been expected to deal with individuals in such an 
exacting fashion on such a scale. Never before have so many organizations 
had the facilities for keeping available the information that makes it possible 
for them to complete daily a multitude of transactions with a multitude of 
individuals, and to have the relevant facts on each individual available as a 
basis for making subsequent decisions about him. Obviously the advent of 
computing technology has greatly contributed to these changes, but 
automated record-keeping has grown in concert with many other changes in 
administrative techniques, and in public attitudes and expectations. 

The Commission finds that as records continue to supplant face-to- 
face encounters in our society, there has been no compensating tendency to 
give the individual the kind of control over the collection, use, and 
disclosure of information about him that his face-to-face encounters 
normally entail. 

What two people divulge about themselves when they meet for the first 
time depends on how much personal revelation they believe the situation 
warrants and how much confidence each has that the other will not 
misinterpret or misuse what is said. If they meet again, and particularly if 
they develop a relationship, their self-revelation may expand both in scope 
and detail. All the while, however, each is in a position to correct any 
misperception that may develop, and to judge whether the other is likely to 
misuse the personal revelations, or pass them on to others without asking 
permission. Should either suspect that the other has violated the trust on 
which the candor of their communication depends, he can sever the 
relationship altogether, or alter its terms, perhaps by refusing thereafter to 
discuss certain topics or to reveal certain details about himself. Face-to-face 
encounters of this type, and the human relationships that result from them, 
are the threads from which the fabric of society is woven. The situations in 
which they arise are inherently social, not private, in that the disclosure of 
information about oneself is expected. 




An individual’s relationship with a record-keeping organization has 
some of the features of his face-to-face relationships with other individuals. 
It, too, arises in an inherently social context, depends on the individual’s 
willingness to divulge information about himself or to allow others to do so, 
and often carries some expectation as to its practical consequences. Beyond 
that, however, the resemblance quickly fades. 

By and large it is the organization’s sole prerogative to decide what 
information the individual shall divulge for its records or allow others to 
divulge about him, and the pace at which he must divulge it. If the record- 
keeping organization is a private-sector one, the individual theoretically can 
take his business elsewhere if he objects to the divulgences required of him. 
Yet in a society in which time is often at a premium, in which organizations 
performing similar functions tend to ask similar questions, and in which 
organizational record-keeping practices and the differences among them are 
poorly perceived or understood, the individual often has little real 
opportunity to pick and choose. Moreover, if the record-keeping organiza- 
tion is a public-sector one, the individual may have no alternative but to 
yield whatever information is demanded of him. 

Once an individual establishes a relationship with a record-keeping 
organization, he has even less practical control over what actually gets into a 
record about him, and almost none over how the record is subsequently 
used. In contrast to his face-to-face relationships with other individuals, he 
can seldom check on the accuracy of the information the organization 
develops about him, or discover and correct errors and misperceptions, or 
even find out how the information is used, much less participate in deciding 
to whom it may be disclosed. Nor, as a practical matter, can he sever or alter 
the terms of the relationship if he finds its informational demands 
unacceptable. 

A society that increasingly relies on records to mediate relationships 
between individuals and organizations, and in which an individual’s survival 
increasingly depends on his ability to maintain a variety of such relation- 
ships, must concern itself with such a situation. Ours has begun to do so, and 
the Commission’s inquiry showed that the individual’s ability to protect 
himself from obvious record-keeping abuses has improved somewhat in 
recent years. Nevertheless, most record-keeping relationships are still 
dangerously one-sided and likely to become even more so unless public 
policy makers create incentives for organizations to modify their record- 
keeping practices for the individual's protection, and give individuals rights 
to participate in record-keeping relationships commensurate with their 
interest in the records organizations create and keep about them. 

Accordingly, the Commission has concluded that an effective privacy 
protection policy must have three concurrent objectives: 


* to create a proper balance between what an individual is 
expected to divulge to a record-keeping organization and what 
he seeks in return (to minimize intrusiveness); 


* to open up record-keeping operations in ways that will minimize 
the extent to which recorded information about an individual is 
itself a source of unfairness in any decision about him made on 
the basis of it (to maximize fairness); and 


* to create and define obligations with respect to the uses and 
disclosures that will be made of recorded information about an 
individual (to create legitimate, enforceable expectations of 
confidentiality). 


These three objectives both subsume and conceptually augment the 
principles of the Privacy Act of 1974⁶ and the five fair information practice 
principles set forth in the 1973 report of the Department of Health, 
Education, and Welfare’s Secretary’s Advisory Committee on Automated 
Personal Data Systems.⁷ The second objective, to maximize fairness, in a 
sense subsumes all of them, and many of the Commission’s specific 
recommendations articulate them in detail. The Commission has gone about 
protecting personal privacy largely by giving an individual access to records 
that pertain to him. Taken together, however, the three proposed objectives 
go beyond the openness and fairness concerns by specifically recognizing 
the occasional need for a priori determinations prohibiting the use, or 
collection and use, of certain types of information, and by calling for legal 
definitions of the individual’s interest in controlling the disclosure of certain 
types of records about him. 


Minimizing Intrusiveness 


The Commission believes that society may have to cope more 
adequately in the future with objections to the collection of information 
about an individual on the grounds that it is “nobody’s business but his 
own.” There are only a few instances where the collection, or collection and 
use, of a particular type of information has been proscribed on grounds of 
impropriety, i.e., unwarranted intrusiveness. There are a number of 
examples of the proscription of certain uses of particular types of 
information, such as race, sex and marital status, but the character of these 
fairness-based proscriptions is not the same as when unwarranted intrusive- 
ness is the rationale. When fairness is the overriding concern, organizations 
must often continue to collect the information in question in order to 
demonstrate compliance. For example, how can an employer or credit 
grantor show that it is not systematically using sex and race to discriminate 
among applicants unless it records the sex and race of all applicants? When 
impropriety is the main concern, however, the mere asking of the question 
must be proscribed. The proscription may also apply to use, but only to 
make sure that if the proscribed information is already on record, it will not 
enter into the decision-making process. 

6 For an analysis of the Privacy Act principles, see Chapter 13. 

7 U.S. Department of Health, Education and Welfare, Secretary's Advisory Committee on 
Automated Personal Data Systems, Records, Computers, and the Rights of Citizens (Washington, 
D.C.: 1973), p. 41. The five fair information principles were: (1) there must be no personal-data 
record-keeping systems whose very existence is secret; (2) there must be a way for an individual 
to find out what information about him is in a record and how it is used; (3) there must be a way 
for an individual to prevent information about him obtained for one purpose from being used 
or made available for other purposes without his consent; (4) there must be a way for an 
individual to correct or amend a record of identifiable information about him; and (5) any 
organization creating, maintaining, using, or disseminating records of identifiable personal data 
must assure the reliability of the data for their intended use and must take reasonable 
precautions to prevent misuse of the data. 

The intrusiveness issue is perhaps the most difficult one the Commis- 
sion addresses. Whether or not the questions an organization asks 
individuals constitute intrusions on personal privacy is a problem that 
begins with the lines of inquiry society accepts as proper for an organization 
to pursue in making decisions about individuals. Thus, so long as society 
countenances a particular line of inquiry, questions as to how far it may 
properly go seem largely aesthetic. Indeed, if an individual’s only concern is 
to be fairly treated, he should logically prefer to have recorded as much 
information as possible about himself as protection against inaccurate 
evaluation. For the individual there is clearly a trade-off. Does he always 
want to be evaluated on the basis of information that is, from an objective 
standpoint, strictly relevant, or does he prefer to be evaluated on the basis of 
a thoroughgoing inquiry that may give context to his particular situation 
and allow extenuating but not patently relevant circumstances to be taken 
into account? Such questions are extremely difficult if not impossible to 
answer. The Commission, in the chapters that follow, recommends four 
ways of addressing them. 

First, the Commission recommends that individuals be informed more 
fully than they now are of the information needs and collection practices of 
a record-keeping organization in advance of committing themselves to a 
relationship with it. If the individual is to serve as a check on unreasonable 
demands for information or objectionable methods of acquiring it, he must 
know what to expect so that he will have a proper basis for deciding whether 
the trade-off is worthwhile for him. 

Second, the Commission also recommends that a few specific types of 
information not be collected at all. For example, in the employment and 
personnel area, the Commission will recommend that arrest information not 
be collected by employers for use in hiring and promotion decisions unless 
its use for such purposes is required by law. 

Third, the Commission proposes certain limitations on the information 
collection methods used by record-keeping organizations. In general, the 
Commission believes that if an organization, public or private, has declared 
at the start its intent to make certain inquiries of third parties, and to use 
certain sources and techniques in doing so, it should be constrained only 
from exceeding the scope of its declaration. The Commission also 
recommends that private-sector record keepers be required to exercise 
reasonable care in selecting and retaining other organizations to collect 
information about individuals on their behalf. These “reasonable care”
recommendations and the ones that would bar pretext interviews and make
acquiring confidential information under false pretenses punishable as a
criminal offense, are the Commission’s response to testimony showing that 
some organizations make a business of acquiring confidential records about
individuals without their authorization for use by lawyers and insurance 
claim adjusters.

Finally, in some areas, the Commission supports the idea of having
governmental mechanisms both to receive complaints about the propriety of
inquiries made of individuals and to bring them to the attention of bodies 
responsible for establishing public policy. The Commission believes, 
however, that such complaints require the most delicate public-policy 
response. Our society is wary of government interference in information
flows, and rightly so, even when personal privacy is at stake. It may be
warranted in some cases, but only as a last resort. Thus, the Commission
prefers to see such concerns addressed to the greatest possible extent by
enabling the individual to balance what are essentially competing interests 
within his own scheme of values. 


Maximizing Fairness 


A principal objective of the Privacy Act of 1974 is to assure that the 
records a Federal agency maintains about an individual are as accurate, 
timely, complete, and relevant as is necessary to assure that they are not the 
cause of unfairness in any decision about the individual made on the basis of 
them. Proper management of records about individuals is the key to this 
objective, and the Privacy Act seeks to enlist the individual’s help in 
achieving it by giving him a right to see, copy, and correct or amend records 
about himself. The Fair Credit Reporting Act (FCRA) and the Fair Credit 
Billing Act (FCBA) also focus on fairness in record keeping, though their 
scope of application and their specific requirements differ from those of the 
Privacy Act. FCRA requirements apply primarily to the support organizations
which verify and supplement the information a credit, insurance, or
employment applicant divulges to the primary record keepers in those three 
areas, but which do not themselves participate in decisions about applicants. 
The FCBA, however, applies to primary record keepers but only to a 
particular type—grantors of credit that involves regular billing—and only to 
a particular aspect of their operations—the settlement of billing disputes. 

Other recent legislation centering on fairness in record keeping 
includes the Family Educational Rights and Privacy Act of 1974 and the 
several State fair-information-practice statutes. Their scope and specific 
requirements approximate those of the Privacy Act more closely than do 
those of any of the fairness-centered statutes that currently apply to the 
private sector. 

All of these efforts to establish fairness protections for records about
individuals have been resisted. The arguments against them have ranged 
from the alleged need to keep secret the identity of third-party sources, even 
institutional sources, to fear that organizations would be inundated with 
requests to see, copy, and correct records. These arguments are still heard, 
despite the fact that wherever such protections have been established, most 
of the anticipated difficulties have failed to materialize. 

The vast majority of the Commission’s recommendations relate
directly or indirectly to fairness in record keeping. For the individual,
necessary fairness protections include a right of access to records about 
himself for the purpose of reviewing, copying, and correcting or amending 
them as necessary plus some control over the collection and disclosure of 
information about him. For organizations, fairness protection includes the 
responsibility to apprise individuals that records have or will be created 
about them, and to have reasonable procedures for assuring the necessary 
accuracy, timeliness, completeness, and relevance of the information in the 
records they maintain about individuals, including a responsibility to 
forward corrections to other organizations under specified circumstances.
The Commission believes, however, that achieving the fairness objective will
depend on varying the combination of rights for individuals and responsibilities
for organizations according to the particular circumstances of each type of
record-keeping relationship. 

For example, the Commission will recommend that applicants in
several areas of record keeping be apprised of the scope, sources, and 
methods of inquiry the organization intends to use in verifying application 
information, but the recommended requirement is not precisely the same in 
each case. Similarly, the Commission will also recommend a general right of 
access for individuals to the records about them maintained by insurance 
institutions and medical-care providers. But because credit and depository 
institutions typically have procedures for keeping an individual apprised of 
the content of the records they maintain about him, the Commission there 
will recommend a more limited right of access for individuals to be triggered 
by an adverse decision. So also the Commission concluded that the 
individual’s right of access to records about him maintained for research 
and statistical purposes can safely be limited to situations in which such a 
record may be used in making a decision about him. 

The right to correct or amend a record is essential to fairness in many 
areas. To be effective, it must usually be coupled with an obligation of the 
record-keeping organization to forward the correction or amendment to 
past recipients of inaccurate or incomplete information. The Commission 
has recommended modifying this blanket obligation somewhat to require 
that record keepers need forward corrections and amendments only to past 
recipients designated by the individual and those to which the
record-keeping organization regularly discloses the kind of information in question.
The Commission believes that this modification has the desirable effect of
relieving record-keeping organizations of the obligation to keep an
accounting of every disclosure of every record about an individual without
materially weakening the individual’s protection. Amendments would, of 
course, still have to be forwarded to future recipients and the insurance and 
employment recommendations call, in addition, for automatic propagation 
of corrections and amendments to investigative support organizations that 
were sources of corrected or amended information. All of the correction and 
amendment recommendations also make provision for disagreements 
between the individual and a record-keeping organization about the 
accuracy, timeliness, or completeness of a record. 

In regard to fairness in disclosure, the Commission recommends 
requiring the individual’s authorization where it finds that a necessary
protection, and specifies what it believes the authorization statement should
contain if it is to serve both the information needs of, for example, insurers 
and employers and the individual’s interest in controlling the divulgence of 
information about himself by record keepers with which he has a 
confidential relationship. The Commission’s recommendations in this 
regard recognize the gatekeeping role that certain types of records play—that 
is, the role they play in decisions as to whether an individual will be allowed 
to enter into particular social, economic, or political relationships, and if so, 
under what circumstances. Where records play such a role, the individual 
usually has no choice but to allow them to be used in making decisions 
about him. Since informed consent is valid only if wholly voluntary, it 
means little in this context. Hence, the Commission finds authorization the 
appropriate pre-condition of disclosure, rather than informed consent, and 
couples it with a principle of limited disclosure. This principle is a key concept 
because it asserts that a disclosure should include no more of the recorded 
information than the authorized request for disclosure specifies. The 
Commission recognizes, and indeed emphasizes, that the holder of a record 
cannot and should not bear the burden of deciding what information to 
disclose when presented with a valid authorization statement of the type the 
Commission recommends. The main problem is that some keepers of 
records that contain intimate personal details routinely disclose much more 
information about individuals than they are asked for, simply as a matter of 
convenience and economy. The Commission, therefore, has established the 
principle of limited disclosure as a general tenet of fair record-keeping 
practice. 

The Commission’s fairness recommendations generally call for reasonable
procedures to assure accuracy, timeliness, and completeness in records
of information about individuals. For example, in the public sector, the 
Commission recommends that reasonable procedures be an affirmative 
management obligation, while in the private sector, it relies on the rights it 
recommends for individuals to assure that organizations adopt reasonable 
procedures. 

The Commission believes that by opening up record-keeping practices 
and by giving an individual opportunities to interact easily with a record 
keeper, particularly at crucial points in a record-keeping relationship, both 
individuals and organizations will benefit. The quality of the information in 
records will be improved while at the same time the individual and the 
organization will both be protected from errors or other deficiencies that can 
have untoward consequences for both. 


Legitimizing Expectations of Confidentiality 


The third public-policy objective, protecting confidentiality, pertains 
to the disclosure of information about an individual without his consent. 
Confidential treatment of recorded information is necessary for the 
maintenance of many kinds of relationships between individuals and 
organizations. The medical-care relationship, for example, often demands
uninhibited candor from the individual about the most intimate details of
his private life. There are also relationships between individuals and 
organizations that depend on the accumulation of extremely detailed 
records about the individual’s activities, such as those compiled by a bank or 
by an independent credit-card issuer. The records of these relationships 
provide a revealing, if often incomplete, portrait of the individual, often 
touching on his beliefs and interests as well as his actions. While in theory 
these relationships are voluntary, in reality an individual today has little 
choice but to establish them as he would be severely, and perhaps 
insurmountably, disadvantaged if he did not.

There is also the fact that many of the records about individuals which 
these record keepers now maintain are the kinds of records the individual 
formerly would have kept in his exclusive possession. The transactional 
record a checking account creates, for example, would have existed a 
century ago in the form of receipts or, at most, ledger entries kept by the 
individual himself at home. 

As long as records remained in his possession, both law and societal 
values recognized his right to control their use and disclosure. Government 
in particular was restricted in its ability to gain access to them, even to 
facilitate a criminal prosecution. When organizations began to maintain 
such records, however, the individual began to lose control over who might 
see and use them. The balance society had deemed crucial was disrupted. 

Although individuals have tended to retain the old value system, 
expecting certain records to be held in confidence by the organizations that 
now maintain them, the law has not taken account of that fact. The 
protections that exist still apply in almost all instances only to records in the 
individual’s exclusive possession. The lack of a legal interest for the 
individual in the records organizations maintain about him has put him in 
an extremely vulnerable position. The scale and impersonality of organizational
record keeping today allows him little opportunity to influence an
organization’s own use and disclosure practices, and as the Miller case 
showed, he has no interest whatsoever to assert when government demands 
access to the records an organization maintains about him. The Miller case 
said, in effect, that government no longer has to operate within the strictures 
of the Fourth and Fifth Amendments when it wants to acquire financial 
records pertaining to an individual; that what were once his private papers 
are now open to government scrutiny. What amounts to mere curiosity will 
suffice as justification if government agents want to see them. 

To help redress the imbalances between individuals and organizations 
on one hand, and individuals, organizations and government on the other, 
the Commission recommends in this report that a legally enforceable 
“expectation of confidentiality” be created in several areas. The concept of 
legally enforceable expectation of confidentiality has two distinct, though 
complementary, elements. The first is an enforceable duty of the record 
keeper which preserves the record keeper’s ability to protect itself from
improper actions by the individual, but otherwise restricts its discretion to 
disclose a record about him voluntarily. The second is a legal interest in the 
record for the individual which he can assert to protect himself against 
improper or unreasonable demands for disclosure by government or anyone
else. The Commission has concluded that without this combination of duty
and assertible interest, the law as it stands now will continue to deprive the
individual of any opportunity to participate in decisions of organizations to 
disclose records kept about him, whether the disclosure is voluntary or in 
response to an authoritative demand. 

The Commission specifies what it considers to be the proper terms of 
the individual’s enforceable expectation in relationships with credit grantors,
depository institutions, insurers, medical-care providers, the Internal
Revenue Service, and providers of long-distance telephone service. Once 
again the recommendations are tailored to the particulars of each kind of 
record-keeping relationship. In each case, the Commission recommends that 
a protectible legal interest for the individual be created by statute; specifies 
the voluntary disclosures it believes should be permissible without the 
individual’s consent and the procedures for establishing them; and sets forth 
the rules for initiating and complying with government demands for access 
to records. In no instance, however, does the Commission advocate 
complete, unilateral control by the individual. In every case it has respected 
the record-keeping organization’s legitimate interests when threatened by 
actions of the individual. In essence, the Commission has said that the 
individual’s interest must be recognized; that there must be procedures to 
force conflicting claims into the open; and that within this framework 
established by public policy, value conflicts should be resolved on a
case-by-case basis.


COMPETING PUBLIC-POLICY INTERESTS 


A major theme of this report is that privacy, both as a societal value 
and as an individual interest, does not and cannot exist in a vacuum. Indeed, 
“privacy” is a poor label for many of the issues the Commission addresses 
because to many people the concept connotes isolation and secrecy, whereas 
the relationships the Commission is concerned with are inherently social. 
Because they are, moreover, the privacy protections afforded them must be 
balanced against other significant societal values and interests. The 
Commission has identified five such competing societal values that must be 
taken into account in formulating public policy to protect personal privacy: 
(1) First Amendment interests; (2) freedom of information interests; (3) the 
societal interest in law enforcement; (4) cost; and (5) Federal-State 
relations. 


THE FIRST AMENDMENT AND PRIVACY


The legitimate expectation of confidentiality is a concept the Commission
endorses for several of the record-keeping relationships examined in
this report. The policy objective is that when the relationship is one
involving confidentiality of records, the record keeper shall be constrained
from disclosing information about an individual without his authorization, 
either voluntarily or in response to a demand for it. The Commission 
recognizes that recommending any restriction on the free flow of truthful
information raises serious questions in a democratic society, and sought 
ways to avoid conflict with both the goals of the First Amendment to the 
Constitution, and with the policy of broad access to public information 
articulated in statutes like the Freedom of Information Act. 

When the Commission recommends rules to govern a record keeper's 
voluntary disclosure of a record about an individual, it does not attempt to 
specify, nor does it assign to either government or the individual the 
responsibility of determining which information in the record may or may 
not be disclosed. Neither does the Commission recommend any liability for
third parties who merely receive information or records generated by a 
confidential relationship. The Commission's recommendations simply 
specify to whom information may be disclosed without the individual's 
consent. The role of government in the enforcement of a recommended 
expectation of confidentiality would be simply to act, through the courts, as 
referee in disputes between a record keeper and an individual about whether 
an expectation is legitimate and whether it has been violated. Government 
would have no independent interest to enforce, and would take no 
enforcement initiative, except where deception or misrepresentation is used 
to acquire medical records without the patient’s consent. Only the individual 
would have an enforceable interest. 

The Commission takes great care to avoid recommendations that 
would amount to regulating the content of records collected, maintained, or 
disclosed by private-sector organizations because of two related considerations,
one abstract, the other concrete. The first consideration is that a
democratic society must keep governmental intrusion into the flow of 
information to a minimum; the second is that the First Amendment sharply 
limits such government intrusion. Of importance here are the recent 
decisions of the U.S. Supreme Court that have found private commercial 
information flows as deserving of First Amendment protections as the 
personal exercise of the right of free speech. 

In simplified terms, the First Amendment prohibits the Federal 
government (and through the Fourteenth Amendment, the States) from 
enacting any law which would abridge the right to communicate information
to others or to receive information from others.8 Broad as it is, this
interpretation of the right to free speech does not mean the right is 
unlimited. It allows for such familiar strictures on the content of information 
exchanges as prohibiting slanderous or libelous communications, and, more 
pertinent to the question here, it allows for certain regulation of the process 
of communication when it occurs in a public forum. In other words, 
government may properly regulate the flow of information to the extent its 
regulations apply only to the process of communication in public places. 

In addition, the Supreme Court has been willing to accept some 
government actions which require private organizations to comply with the 





8 See, e.g., Stanley v. Georgia, 394 U.S. 557 (1969); Kleindienst v. Mandel, 408 U.S. 753 (1972);
Cox Broadcasting Corp. v. Cohn, 420 U.S. 469 (1975). 




decision an individual has made regarding the communications he does not 
want to receive. In Lamont v. Postmaster General, for example, the issue was
the constitutionality of a Federal statute requiring the Postal Service to
prevent firms from mailing material to individuals who have indicated that
they do not want it because they consider it obscene. Because the statute
leaves all determinations about content to the individual and requires the 
Postal Service only to see that the individual’s wishes are respected, the 
Supreme Court held the statute constitutional. In other words, it is not 
unconstitutional to give an individual standing to assert his own interest in 
the flow of communication between private parties. 

Individuals and organizations that do not engage in commercial 
activities have traditionally enjoyed the full range of constitutional free 
speech protections. For commercial entities, however, First Amendment
protections have been virtually nonexistent10 until a few years ago when the
U.S. Supreme Court, in Virginia State Board of Pharmacy v. Virginia Citizens
Consumer Council,11 declared that the doctrine denying First Amendment
protection to commercial speech had been swept away. In sweeping it away, 
the Court did, however, indicate that some restrictions on commercial 
communications are legitimate, though it left the standards for such 
restriction unclear. 

The Court in the Virginia case stressed that the decision did not mean 
that a regulation prohibiting the advertising of an illegal activity would be 
unconstitutional. In 1974, in Pittsburgh Press v. Human Relations Commission,12
there was a challenge to a municipal ordinance prohibiting the
publication of lists of job openings by sex unless the designations were based 
on bona fide occupational considerations. The Court rejected the First 
Amendment challenge and sustained the ordinance. The majority opinion 
described the advertisements as “classic examples of commercial speech” 
and went on to note that commercial advertising ordinarily enjoys some 
First Amendment protection. What made this particular advertising 
susceptible to regulation was the illegitimacy of the activity advertised. In 
effect, the Court argued that if a commercial activity is illegal, then speech 
which promotes or assists in effecting such activity may be prohibited. 

Such a rationale is not entirely satisfactory. Is the decision of the 
legislature that a certain commercial activity is illegal enough to deny
communication concerning that activity free speech and free press protections?
If the illegal activity is in part a result of the mere communication of
information or ideas, should First Amendment analyses apply? Or should 
some other standard be employed to test the propriety of the legislative 
determination restricting communication? In any case, since the
illegal-activity standard of Pittsburgh Press applies only to commercial
communication, this test appears to establish that commercial speech remains
doctrinally outside the mainstream of the First Amendment in some ways. 
——— 


9 391 U.S. 301 (1965).
10 Thomas I. Emerson, The System of Freedom of Expression (New York: Vintage, 1970), p. 414.
11 425 U.S. 748 (1976).
12 413 U.S. 376 (1973).




The Commission believes that the extension of First Amendment 
protections to commercial communication as defined in these recent 
Supreme Court cases, which almost exclusively concern advertising, does 
not pose any obstacle to the establishment of legitimate expectations of 
confidentiality for individuals in the private sector. The Commission is in no 
instance recommending an absolute restriction on the communication of 
information; rather, it recommends that an individual be informed at the
beginning of a relationship what information may be disclosed from records 
about him and for what purposes. Following Lamont, it also recommends 
that an individual be given an opportunity to participate in any change that 
would materially affect his legitimate expectation. 

Protection of privacy against government intrusions is a complementary
limitation to protection of communications from government interference.
Therefore, the Commission further recommends that if the requestor
of records is a government agency, such agency bear the burden of notifying 
the individual, and that laws be enacted to allow the individual standing to 
assert his interest as defined in the recommended measures. This clearly 
raises no First Amendment issues. 


FREEDOM OF INFORMATION AND PRIVACY 


The second competing societal value the Commission identified is 
freedom of information. In enacting the Freedom of Information Act 
(FOIA) in 1966,13 and strengthening it eight years later, the Congress gave
expression to society’s strong interest in opening the records of Federal 
government agencies to public inspection. The FOIA, to be sure, allows for 
exceptions from the general openness rule which an agency may invoke for 
certain information pertaining to national defense and foreign policy, law 
enforcement, individuals, internal agency deliberations, trade secrets, and 
information specifically declared confidential by other statutes. The 
withholding of exempt records, however, is subject to administrative and 
judicial review. Most of the States have enacted their own FOIA statutes in 
one form or another. Other statutes, both Federal and State, open meetings 
of certain governmental bodies to the public. The legal actions brought to 
test these statutes have shown the courts to be generally sympathetic to 
broadening public access to government records and deliberations, and, of 
course, journalists are natural advocates of full access and disclosure. 
Altogether, the presumption against secrecy in decision making and record 
keeping by government agencies is now firmly established. 

The Commission has recommended the continuation of restrictions on 
the disclosure of specific records about individuals maintained by government
agencies. While this recommendation may seem to conflict with the
principle of freedom of information and openness, the Commission firmly 
believes that it is compatible with those principles and, indeed, that they are 
complementary aspects of a coherent public policy concerning public
records. 


13 5 U.S.C. 552.

In the Federal government, adjustments between freedom of information
policy and confidentiality policy are made at two levels. At the first of
these levels, the Federal FOIA makes adjustments by incorporating scien
statutes which, with particularity, direct that specific records be withheld 
from the public. The Federal FOIA does not require the disclosure of 
matters that are: 


specifically exempted from disclosure by statute (other than section 
552b of this title), provided that such statute (A) requires that the 
matter be withheld from the public in such a manner as to leave no 
discretion on the issue, or (B) establishes particular criteria for 
withholding or refers to particular types of matters to be withheld. 
[5 U.S.C. 552(b)(3) (1976)] 


Tax returns and the responses of individual households to Census Bureau 
inquiries fall into this category. The Commission believes that it is preferable 
for the Congress to create this sort of explicit confidentiality policy than for
government administrators to decide when such records should or should
not be disclosed. 

The second level at which freedom of information and privacy 
interests relate becomes apparent when a Federal agency receives a 
legitimate Freedom of Information Act request for access to a record about 
an individual and finds that the record is subject to the Privacy Act of 1974. 
When the two Acts are read together any disclosure of a record about an 
individual in a system of records as defined by the Privacy Act to any 
member of the public other than the individual to whom the record pertains 
is forbidden if the disclosure would constitute a “clearly unwarranted 
invasion of personal privacy.” The reverse obligation also holds: even 
though a record is about an individual, it cannot be withheld from any 
member of the public who requests it if the disclosure would not constitute a 
clearly unwarranted invasion of personal privacy. The courts are the final 
arbiters of which disclosures do or do not meet the unwarranted-invasion 
test and over the years they have established certain types of recorded 
information which must be disclosed without question. Two examples are 
Civil Service grades of Federal employees, and the names of persons who 
have participated in elections supervised by the National Labor Relations 
Board. 

For government, the Commission believes that the policy of combining
explicit legislation for particular types of records with a general standard
to be applied in all other cases is an appropriate way to balance the freedom 
of information interests and confidentiality interests. As Chapter 13 
explains, the combination does not lead to resolution of difficult cases 
overnight, but it does create a framework within which the conflicts between 
the two competing though compatible interests can be resolved. 

The general concept of freedom of information has no currency in the 
private sector. Issuers of regulated securities must publicly disclose 
particular items of information about the individuals who control or manage 
companies, but organizations in the private sector by and large have no 
affirmative obligation to disclose their records about individuals to the 
public. They may be required to disclose such records to government 
agencies for a variety of reasons, as described in Chapter 9, but in many 
cases government is prohibited from subsequently disclosing that informa- 
tion to the public. Thus, in the private sector there is no freedom of 
information policy to conflict with a confidentiality of records policy. 

Indeed, the Commission believes that in most instances the persuasive 
power of an active press can be relied on to work out a proper adjustment 
between the right to privacy and the freedom of information principle as it 
applies to public disclosure of information in records about individuals 
maintained by private-sector organizations. However, the Commission also 
believes that the individual needs some limited control over the public 
disclosure of particular types of information about him. An individual 
should be able to limit the public disclosure of credit, insurance, medical, 
employment, and education record information about himself. In these 
areas, the Commission has recommended for the individual an assertible 
interest so that he can have a role in determining whether information about 
him should be publicly released. In fact, as to certain identifying informa- 
tion referred to as directory information, the Commission’s recommendations 
recognize the general practice of public disclosure in such areas as 
employment, medical care, and education. Thus, reporters should be able to 
continue to find out who is in what hospital, who is employed by what firm, 
and who is enrolled in what school. 

The Commission’s recommendations, with one exception, do not limit 
or affect the ability of the press to request or obtain information. The area of 
medical records is the one area where the Commission not only recommends 
a duty on the record keeper to respect an individual’s expectation of 
confidentiality but also suggests that it be made a crime to seek such 
information through misrepresentation or deception. Specific abuses by 
persons seeking medical-record information for use in adversary situations 
have led the Commission to conclude that such a recommendation is 
necessary. In all other cases, the Commission’s recommendations do not 
limit or affect the ability of the press to request or obtain information. These 
balances are difficult to strike and the Commission has attempted to 
establish mechanisms for doing so rather than recommend specific 
disclosure prohibitions. 


LAW ENFORCEMENT AND PRIVACY 


The third competing interest the Commission identified is the interest 
in preventing and prosecuting crime. Organizations do and should have the 
means of protecting themselves from suspected fraud in insurance claims, 
fraudulent use of credit cards, multiple welfare applications, and the like. 
Organizations, both private and public, exchange information among 
themselves and with law enforcement authorities to protect against such 
losses and to assist in the prosecution of crime. The Commission has not 
suggested that this organizational interest be curtailed. Rather, it recom- 
mends that individuals be apprised, at the time they establish a relationship 
involving confidential records, that information about them may be 
disclosed for investigative or enforcement purposes if the record keeper 
develops evidence that points to criminal behavior on their part. 

Government requests or demands for recorded information about 
individuals for law enforcement purposes pose a special problem. As a result 
of the Miller decision discussed earlier, an individual has no constitutional 
protections against government demands for access to records third parties 
maintain about him. There are some statutory protections, such as those for 
census records, Federal income-tax returns, and records developed in 
connection with federally funded drug abuse research and treatment 
programs. The Commission believes, however, that the individual should 
have an assertible interest in other types of records about him, such as those 
maintained by financial institutions, insurance companies, medical-care 
providers, and providers of long-distance telephone service, as a matter of 
general policy. 

Government agencies have testified that to enforce the law, they need 
full and complete access to records kept about individuals by third parties. 
They argue that to restrict their access, or more specifically to subject it to 
the assertion of an individual’s interest, would unduly handicap their 
legitimate law enforcement activities. The Commission seriously considered 
these arguments and has developed a set of recommendations that allow for 
continued law enforcement access, but under stricter rules. These rules are 
in two parts. First, they require law enforcement agencies to use legal 
process of some form whenever they seek information about an individual 
from a third-party record keeper. Second, when they seek access to records 
in which the individual has a legitimate expectation of confidentiality, the 
Commission recommends that the individual involved be given notice and 
the legal capacity to contest the action. The Commission has not recom- 
mended prohibiting government access, but rather giving the individual an 
assertible interest in the process of government information gathering about 
him. The requirement for legal process in all instances has the further 
advantage that it creates the basis for meaningful accountability mechanisms. 


THE COST OF PRIVACY 


The fourth competing interest the Commission identified is cost. In 
maximizing fairness, this is the most compelling competing interest. 
Whether an organization is public or private, to make changes in record- 
keeping practices can increase its cost of operation and thus make the 
product or service it provides either more expensive or less accessible, or 
both. When this happens, both the record-keeping organization and some if 
not all of its customers or clients suffer. Adoption of the Commission’s 
recommendations means that a great many organizations will have to make 
some changes in their record keeping. The costs of compliance will be higher 
or lower depending on how well an organization’s current practices reflect 
the recommended balance between organizational interests and the individ- 
ual’s interest. The Commission has tried to keep compliance costs to a 
minimum by not recommending that organizations be required to report 
periodically to Federal or State government agencies, and also by not 
recommending inflexible procedural requirements. 

The Commission’s recommendations are aimed at getting results. 
Thus, they try to take advantage of the shared interest of individuals and 
organizations in keeping records accurate, timely, and complete. As 
previously noted, one reason for giving an individual a right of access to 
records about him is that doing so affords an organization the free help of an 
expert—the individual himself—on the accuracy of the information the 
organization uses to make decisions about him. Organizations, however, 
need some assurance before they are willing to enlist such help that it will 
not turn out to be unduly or undeservedly expensive. 

To open an insurance company’s underwriting files to inspection by 
applicants and policyholders, for example, gives the company a powerful 
motive to record only accurate, pertinent information about them and to 
keep its records as timely and complete as necessary. To encourage 
applicants and policyholders to look for information in underwriting files 
that could serve as the basis for defamation actions and windfall recoveries, 
however, would be contrary to the Commission’s cost-minimizing objective 
and also an impediment to systemic reform. The Commission wants 
organizations to invest in improving their record-keeping practices; not to spend 
their money in costly litigation over past practices and honest mistakes. Hence 
the Commission’s recommendation is to limit the liability of a record keeper 
that responds to an individual’s request for access to a record it maintains 
about him. 

Organizations in the private sector have a strong interest in keeping 
their decisions about customers, clients, applicants, or employees free of 
unreasonable government interference. The Commission’s recommenda- 
tions recognize this interest by concentrating on the quality of the 
information an organization uses as the basis for making a decision about an 
individual, rather than on the decision itself. For private-sector organiza- 
tions the adverse-decision requirements the Commission recommends will 
expose the records used in arriving at a decision to reject an applicant, but 
the Commission relies on the incentives of the marketplace to prompt 
reconsideration of a rejection if it turns out to have been made on the basis 
of inaccurate or otherwise defective information. 

For public-sector organizations, the Commission recommends no 
affirmative requirement that they reverse an adverse decision made on the 
basis of faulty information. For educational institutions, where the 
procedures for correcting or amending records are likely to be divorced 
from decision-making procedures, and where the individual has no easily 
invokable due process protections, the Commission proposes an affirmative 
requirement to reconsider but not a requirement to reverse. The Commission 
strongly believes that to mix concern about the outcome of individual 
decisions with concern about the quality of the information used in arriving 
at them not only risks undesirable interference with organizational 
prerogatives but also invites confusion as to the nature and extent of the 
individual's privacy interest, possibly to its detriment in the long run. 




FEDERAL-STATE RELATIONS AND PRIVACY 


A major interest that must be weighed in the balance of organizations’ 
needs for information against the individual's interest in having his personal 
privacy protected is society's interest in maintaining the integrity of the 
Federal system. The division of responsibility and authority between the 
Federal government and States is a cornerstone of the American political 
system and the Commission has been particularly attentive to it in both the 
methods it recommends for establishing legal requirements and the 
regulatory mechanisms and sanctions for enforcing such requirements. 

In areas of record keeping where the States are prominent record 
keepers, or where records are generated in carrying out State programs, the 
Commission pays particular attention to the reserved-powers principle 
enunciated in the Tenth Amendment to the Constitution, emulating the 
Supreme Court’s care14 not to interfere with the conduct of essential State 
government functions. Thus, where Federal regulation seems necessary, the 
Commission recommends making the requirements a condition of Federal 
benefits, which leaves the States some degree of choice. The Commission 
recommends tempering such exercise of Federal spending power by leaving 
considerable latitude in how the States implement the policies, and by 
urging them to make the minimum Federal requirements part of their own 
State legislation and to assume most of the responsibility for enforcing them. 

In the areas of private-sector record keeping where the States share 
regulatory power with the Federal government, the Commission recom- 
mends maintaining the current balance. For example, in financial areas 
where the Federal government now does most of the regulating, the 
Commission relies heavily on current Federal mechanisms in the implemen- 
tation of the measures it recommends, with the State playing a supplemental 
role. In the insurance area, where the States now do most of the regulating, 
the Commission recognizes a need for some limited Federal intervention in 
order to provide the necessary uniformity, but relies on the State enforce- 
ment mechanisms that now have primary responsibility. 

Each of the implementation measures the Commission recommends is 
designed to avoid disturbance of the current Federal-State political balance 
of power. Indeed, the structure of the Commission’s recommendations as a 
whole should strengthen the Federal-State partnership and increase the 
State’s role in protecting the interests of the individual. 


IMPLEMENTATION PRINCIPLES AND CHOICES 


Each policy recommendation in this report is supplemented by an 
implementation recommendation. Collectively, the Commission’s imple- 
mentation recommendations add up to a consistent strategy for the practical 
application of the policies and practices the Commission believes should be 
adopted. The Commission has not tried to draft any of its recommendations 
in final statutory language. The Commission does, however, suggest how 
and in what manner its recommendations should be adopted, since the 
impact and significance of policies can be adequately assessed only in light 
of how they are to be applied. 

14 National League of Cities v. Usery, 426 U.S. 833 (1976). 


IMPLEMENTATION PRINCIPLES 


The Commission’s findings clearly reveal an overwhelming imbalance 
in the record-keeping relationship between an individual and an organization, 
and its policy recommendations aim at strengthening the ability of the 
individual to participate in that relationship. This can be accomplished in 
three ways: by prohibiting or curtailing unjustifiably intrusive information 
collection practices; by granting the individual basic rights, such as the right 
to see, copy and correct records about himself, coupled with obligations on 
organizations to incorporate protections for personal privacy in their routine 
record-keeping operations; and by giving the individual control over the 
disclosure of records about him. In exploring ways to implement its policy 
recommendations, the Commission was guided by three principles: (1) that 
incentives for systemic reform should be created; (2) that existing regulatory 
and enforcement mechanisms should be used insofar as possible; and (3) 
that unnecessary cost should be avoided. 

In accordance with the first of these guiding principles, the recom- 
mended measures enable the individual to compel compliance with certain 
specific requirements even if he has suffered little or no injury. The 
Commission believes that an individual should be able to go to court to 
compel the production of records and to require the correction of erroneous 
information in them, and to hold a record-keeping organization responsible 
for its disclosure practices. Because enforcement of such rights has in the 
past depended on a showing of direct financial loss, which is often difficult 
to demonstrate, most individuals have not been able to assert their interests 
effectively. The Commission’s recommendations should make it easy for an 
individual to assert his interest, thus making it attractive to organizations to 
comply voluntarily rather than incur the cost of enforcement through 
judicial or administrative action. 

The Commission believes that because giving an individual a right of 
access to records about him could lead to a defamation or invasion of 
privacy action, the liability of a record-keeping organization for such claims 
resulting from its disclosure to an individual of a record about himself 
should be limited. An institution, however, should be liable for false 
information where there has been willful intent to injure the individual. 

In accordance with the second guiding principle, that the policy 
recommendations should be implemented through existing regulatory and 
enforcement mechanisms insofar as possible, the Commission recognizes 
that while existing regulation seldom aims explicitly at protecting personal 
privacy in record keeping, it does, in fact, provide some protection, which 
the Commission has no wish to negate or duplicate. In the consumer-credit 
area, for example, Regulation Z of the Federal Reserve Board,15 issued 
pursuant to the Truth-in-Lending Act, explicitly specifies how an individual 
is to be informed of the terms and conditions of a particular loan. The 
Commission’s recommendations would add a further requirement that the 
individual also be informed of the types and sources of information that will 
be collected about him and the uses to which the information will be put. 

15 12 C.F.R. §226. 

Similarly, the Commission relies on the Fair Credit Reporting Act16 as 
the vehicle for implementing many of its private-sector recommendations 
because it is the statute at the Federal level that deals most explicitly and 
comprehensively with privacy issues in the private sector. For example, the 
Commission recommends that the individual’s right of access to underwrit- 
ing and certain claim information about himself maintained by an insurance 
company be provided by amendment of the FCRA in order to assure 
nationwide compliance. However, the Commission has used a different 
approach in implementing notice to applicants and insureds in regard to the 
types of information that will be collected about them and the sources and 
techniques that will be used. In this instance, the Commission directs its 
implementation to the State level, where, as a result of the 
McCarran-Ferguson Act,17 insurance is otherwise regulated unless there is explicit 
Federal legislation to the contrary. States use this authority to regulate the 
form of insurance policies, and, in some cases, applications for insurance, 
and thus can implement the recommended notification requirements as well. 

Existing structures also provide a framework for implementing the 
Commission’s recommendations for medical records. There the Commission 
considered two types of medical record keepers—the institutional medical- 
care provider and the individual practitioner. Since most institutional 
providers qualify under Medicare and Medicaid, the qualification process 
affords an effective means of assuring the compliance of institutional 
providers with the recommended medical records requirements. Individual 
practitioners, however, do not currently have to qualify under Medicare and 
Medicaid, although they are subject to State licensing authorities, and the 
Commission, therefore, recommends that States adopt model legislation 
applying the medical records safeguard requirements to all individual 
practitioners and to any institutional medical-care providers that are not 
subject to Medicare or Medicaid qualification requirements. 

In accordance with the Commission’s third guiding principle, it tried 
to make sure that the privacy protection safeguards it recommended would 
not involve unnecessary cost, either to individuals or to record-keeping 
organizations. The Commission believes that granting an individual rights 
within existing legal frameworks is far more efficient and significantly less 
costly than embarking on an ambitious new regulatory approach. As noted 
above, its recommended policy measures put the main ongoing costs of 
implementation on organizations that do not comply with the requirements, 
since it is they who will be subject to judicial or administrative sanctions and 
related costs. The organization that takes affirmative steps to comply with 
the recommendations should have little expense beyond the cost of 
educating its employees, initially revising some of its procedures and forms, 
and creating appropriate policy guidance. Even these costs can be 
controlled by allowing a reasonable time for transition. With intent the 
Commission does not recommend that organizations be required to report 
regularly to anyone or to obtain anyone’s approval prior to revising or 
establishing its record-keeping systems. Thus, the cost to government and to 
those who comply will be kept to a minimum. 

16 15 U.S.C. 1681 et seq. 
17 15 U.S.C. 1012. 

The Commission’s single deviation from these three principles is the 
approach it recommends to the problem of systematic or repeated 
violations. The Commission advocates rights for individuals and relies 
primarily on the individual to exercise and protect those rights with the help 
of the courts, but as many of the chapters point out, giving an 
individual better ways to protect himself can be an inadequate tool. Thus, 
when there is evidence of repeated or systematic violations, the measures 
recommended for particular record-keeping areas assign specific responsi- 
bility on behalf of the public for enforcing compliance to appropriate 
government agencies, such as the Federal Trade Commission or State 
insurance departments. 

The Commission’s implementation strategy also considers the ques- 
tion of Federal preemption and the desirability of uniform requirements. 
National bankers, insurers, retailers, and other industries subject to Federal 
regulations have strongly urged the Commission to recommend that any 
mandatory requirements be exclusively Federal so that they and, indeed, 
their customers, do not have to struggle with 50 separate sets of rules. The 
Fair Credit Reporting Act addresses this desire for uniformity by permitting 
a State to supplement but not narrow the Act’s requirements. For example, 
the FCRA specifies that an individual shall be informed on request of the 
nature and substance of a credit report; California law, without contradict- 
ing the FCRA, takes the extra step of requiring that an individual be allowed 
on request to see such a report. When the Commission recommends Federal 
legislation, it intends such legislation to establish the reasonable basis upon 
which organizations may deal with all individuals on whom they maintain 
information or records, regardless of political jurisdiction. While the 
Commission believes its recommended measures provide proper protections 
for personal privacy, particular States may deem it desirable to establish 
further requirements for their own citizens. They should not be prohibited 
from doing so as long as their requirements do not conflict with or narrow 
Federal law. The same is true in the public sector where the Commission has 
recommended Federal requirements applicable to federally funded State 
programs; there is no barrier to the States going further if they want to do so. 

Experience with the term agency as used in the Privacy Act of 1974 
illustrates a potential problem, which the Commission hopes to avoid with 
the term organization used in its recommendations. The way an agency 
defines itself for the purpose of complying with the Privacy Act’s 
requirements makes a significant difference in the disclosures of records it 
can make and in the degree of its responsibility for establishing operating 
rules and procedures.18 It is convenient for an agency to define itself as a 
unit at the highest possible organizational level. Thus, the Office of the 
Secretary of Health, Education and Welfare, the Office of Education, the 
Social Security Administration, the Public Health Service, and a number of 
other units are all deemed to be one agency—the Department of Health, 
Education and Welfare (DHEW). As a consequence, any disclosure of 
information about an individual by one office, administration, or service to 
another can be considered an internal agency disclosure not subject to the 
Privacy Act’s limitations on third-party disclosures without written consent 
of the individual. Another result is that the rules for Privacy Act compliance 
are DHEW rules rather than rules of its components. 

18 See Chapter 13. 

The term organization presents similar problems in the private sector. 
The Commission believes that there should be flexibility allowing organiza- 
tions to define themselves in various ways. For example, a conglomerate 
corporation or corporate group may or may not want to define itself as a 
single organization for the purpose of complying with the measures 
recommended for a particular record-keeping relationship. Considering the 
many forms of corporate and administrative control, the Commission 
believes the choice can be left to the organizations on two conditions. 

The first is that at whatever level an organization is defined as a single 
unit, that must be the level responsible for promulgating and enforcing 
standard operating procedures at all subordinate levels. For example, if the 
American Telephone and Telegraph Company considers itself and all of its 
subsidiaries and affiliated local phone companies to be one organization, 
AT&T must promulgate, enforce, and be accountable for compliance with 
the procedures to be followed by all of those entities. 

The second condition is that regardless of the level at which an 
organization is defined as a unit, an individual must be assured that 
information about him collected and maintained in connection with one 
record-keeping relationship will not be made available for use in connection 
with another. For example, information collected by an employer from an 
employee to process a claim under a group health insurance policy is not to 
be used for personnel purposes. If two affiliated companies define 
themselves as a unit but perform two different functions—one extending 
credit and the other selling insurance, for example—information about 
customers must not flow between them without adherence to the notice, 
authorization, and other requirements called for in the Commission’s 
recommendations. Likewise, a corporate affiliate in, say, the retailing 
business should not rent or lend the names and addresses of its customers to 
another affiliate to market insurance unless the retailer informs its 
customers that it intends to do so and gives them an opportunity to indicate 
that they do not want their names used for that purpose. 


IMPLEMENTATION CHOICES 


The Commission had three basic alternatives for giving effect to its 
policy recommendations: (1) voluntary compliance; (2) statutory creation of 
rights, interests, or responsibilities enforceable through either individual or 
governmental action; and (3) establishment of ongoing governmental 
mechanisms to investigate, study, and report on privacy protection issues. 
Each of the Commission’s policy recommendations specifies the alternative 
it believes is most appropriate for that particular measure. 

In the areas of research and statistical activities, and education, for 
example, the Commission specifies legislation in the form of amendments to 
existing Federal statutes to define further the responsibilities and duties of 
those types of record keepers. In the public assistance and social services 
area, the Commission specifies Federal action that would make State 
enactment of the recommended statutory rights and responsibilities a 
condition of Federal funding. 

In the private sector, the Commission specifies voluntary compliance 
when the present need for the recommended change is not acute enough to 
justify mandatory legislation, or if the organizations in an industry have 
shown themselves willing to cooperate voluntarily. In its mailing list 
recommendations, for example, the Commission specifies that when an 
organization has a practice of renting, lending, or exchanging the names of 
its customers, members, or donors for use by others in a direct-mail 
marketing or solicitation, it should inform each of them that it does so and 
give each an opportunity to veto the practice with respect to his own name. 
The Commission does not call for legislation to enforce compliance with this 
recommendation because it has reason to believe the industry is willing to 
accept these restrictions voluntarily, and there are no legal impediments to 
stop it from doing so. 

The Commission also relies mainly on voluntary compliance in the 
area of employment and personnel; though there are a few exceptions, the 
most notable being the recommendation dealing with the creation and use 
of investigative reports, where implementation by amendment of the Fair 
Credit Reporting Act is the Commission’s choice. In this area, the 
Commission prefers to rely mainly on voluntary compliance because of the 
complexity of the relationship between employer and employee, and the 
difficulty of classifying all the various records different employers maintain 
about their employees and the way they use these records in employment 
decision making. For the Commission to recommend otherwise would be to 
recommend uniformity where variation is not only widespread but inherent 
in the employee-employer relationship as our society now knows it. 

Most of the Commission’s recommendations, however, do specify 
mandatory measures. This is partly because the Commission believes that in 
most cases voluntary compliance would be too uneven to be dependable; 
but more importantly, many of the issues the Commission’s recommenda- 
tions address are legal ones and require legal remedies. In the Miller case 
described above, for example, if the bank had wholeheartedly tried to 
protect Miller’s interest, it would have done him little or no good since under 
existing law, Miller would have no interest in the records to assert. If a 
Federal agency insists on having an individual’s account record today, a 
bank cannot successfully refuse to make it available. 

In some cases, existing law and practice also work against the 
individual when he seeks access to records about himself. For example, the 
contracts that consumer-reporting agencies have with their insurer, employ- 
er, and credit grantor subscribers specify that the client may not disclose the 
information they report on an individual. Thus, an organization reaching an 
adverse decision about an individual on the basis of an investigative report 
cannot disclose the negative information in the report to him, even if it 
would otherwise be willing to do so. The Commission’s recommendations 
would void such prohibitions. 

In choosing mandatory implementation alternatives for the private 
sector, the Commission also aimed for consistency in the matter of damages 
and in the method of enforcement. Where the Commission recognizes an 
individual’s right of access to records that have not entered into a decision 
adverse to him, as in the insurance recommendations for example, it has 
recommended that when an individual denied this right substantially 
prevails in court, he be able to recover the costs of compelling compliance, 
including attorney fees, but that he not be awarded damages. When the 
individual’s right of access is triggered by an adverse decision and a record 
keeper fails to perform a duty required of it, or fails to correct or amend a 
record about him or to propagate a correction or amendment, a court which 
determines that the denial or failure was willful or intentional would not 
only allow the individual to recover his cost of compelling compliance, 
including attorney’s fees, but also could award him up to $1,000. 

For credit, insurance, and depository records, the Commission adopts 
the concept of a “legitimate expectation of confidentiality.” Since the 
damage an individual can suffer from an organization’s breach of confiden- 
tiality often cannot be undone, the Commission recommends that an
individual so aggrieved have the right to compensation for any special (i.e., 
actual) damages resulting from a private-sector organization’s violation of 
his legitimate expectation of confidentiality, and, if a court determines that 
the organization acted willfully or intentionally, to additional compensation 
for general damages in the amount of at least $1,000 but no more than 
$10,000. 

The third implementation choice obviously requires a Federal body to 
oversee, regulate, and enforce compliance with certain of the Commission’s 
recommendations. This alternative is not incompatible with the other two. 
In fact there are powerful arguments for using it in conjunction with the 
other two, rather than depending on the first two alone. 

The strongest argument for using a combination of alternatives is the 
dynamic character of personal-data record-keeping practices that will 
continue to create new privacy concerns, and redirect existing ones. Without 
a focal point to keep privacy concerns in proper perspective for the public as 
well as for record-keeping organizations, other issues competing for 
attention may obscure them. 

A primary objective of the Commission’s implementation strategy is to 
make sure that the privacy issues stay in proper focus. This requires 
continuing attention from a broad public-policy perspective—a need that is 
not fulfilled today even within the scope of the Privacy Act. A means must 
be found to provide for continued public awareness of what is clearly a 
continuing and pivotal concern, and to assure ongoing attention to develop 
and refine understanding of specific and emerging problems. Notwithstanding
the broad scope of this report, a number of tasks remain. Significant
record-keeping areas, such as licensing at the State and local level, remain
unexplored and several chapters of this report highlight other problem areas 
that need further analysis, including the issue of unreasonable intrusiveness 
as evidenced by the amount and type of information an individual is
required to reveal about himself in return for a desired or needed service or 
benefit. As indicated earlier, the propriety question is an extremely delicate 
one and there is as yet no generally accepted method of arriving at answers 
to it in different contexts. The Commission’s recommendations offer 
mechanisms to identify those kinds of questions so they can be debated in 
the context most likely to be constructive in determining public policy.

A further argument for combining all three alternatives is that 
experience with other public-policy issues of this sort suggests a continuing 
need to coordinate the policies that have been and will be adopted, and to
assist in identifying and resolving real or apparent conflicts between 
existing, modified, and new statutes and regulations. 

There is also the consideration that decentralized enforcement spreads 
responsibility for enforcement among agencies, organizations and individu- 
als, each of which has numerous other responsibilities, thus increasing the 
risk that privacy objectives and protections will be obscured. The Commis- 
sion advocates rights for individuals and reliance primarily on the courts to 
assure exercise of those rights. As indicated in many chapters of this report, 
however, improving the capability of the individual to protect himself can be 
an inadequate tool for resolving major systemic problems. The Commission 
sees a need for some influential “prodding” structure, some sustained 
oversight over the actual implementation of the protections it recommends. 
The Federal agency experience under the Privacy Act described in Chapter 
13 attests to the need as it has arisen within the Federal government. The 
experience of the various Federal regulatory bodies that will have additional
responsibilities if the Commission’s recommendations are adopted—for 
example, the Federal Trade Commission, the Federal Reserve Board, and 
the compliance monitoring units of the Department of Health, Education 
and Welfare—further underscores it.

Finally, in all areas of the public sector the Commission has studied, 
the need for a mechanism to interpret both law and policy is clear. The 
difficulty of deciding which disclosures of records about individuals are 
routine within the meaning of the Privacy Act often raises conflicts of 
interest or interpretation between two or more Federal agencies. Similarly, 
as indicated in Chapter 13, Federal agencies often need an efficient means 
of arriving at common solutions to their common privacy protection 
problems, such as establishing procedures for the disposal of records, the 
propagation of corrections, and the maintenance of accountings of 
disclosures. State agencies frequently complain about being subjected to 
multiple, and sometimes incompatible, record-keeping rules as a conse- 
quence of participating in programs funded by different Federal agencies or 
by different components within a me agency. There must also be a way of 
bringing private-sector recommendations for voluntary action to the
attention of all the relevant organizations. Many of these varied needs can
best be met by the third implementation alternative. 




Therefore the Commission recommends: 


That the President and the Congress establish an independent entity
within the Federal government charged with the responsibility of
performing the following functions:


(a) To monitor and evaluate the implementation of any statutes and 
regulations enacted pursuant to the recommendations of the 
Privacy Protection Study Commission, and have the authority 
to formally participate in any Federal administrative proceeding 
or process where the action being considered by another agency 
would have a material effect on the protection of personal 
privacy, either as the result of direct government action or as a 
result of government regulation of others. 

(b) To continue to research, study, and investigate areas of privacy 
concern, and in particular, pursuant to the Commission’s 
recommendations, if directed by Congress, to supplement other 
governmental mechanisms through which citizens could ques- 
tion the propriety of information collected and used by various 
segments of the public and private sector. 

(c) To issue interpretative rules that must be followed by Federal 
agencies in implementing the Privacy Act of 1974 or revisions of 
this Act as suggested by this Commission. These rules may deal 
with procedural matters as well as the determination of what 
information must be available to individuals or the public at 
large, but in no instance shall it direct or suggest that 
information about an individual be withheld from individuals. 

(d) To advise the President and the Congress, government agen- 
cies, and, upon request, States, regarding the privacy implica- 
tions of proposed Federal or State statutes or regulations. 


The entity the Commission recommends may be a Federal Privacy 
Board or some other independent unit. However, if a new entity is 
established, the only enforcement authority the Commission would recom- 
mend it be given would be in connection with the implementation by 
Federal agencies of the Privacy Act itself. Its oversight responsibility in all of 
the other areas covered by the Commission’s recommendations would 
require it only to participate in the proceedings of other agencies when 
substantive privacy issues are involved. For example, if the Federal Reserve 
Board were to issue proposals to amend its Regulation Z pursuant to the 
Truth-in-Lending Act after the Commission’s recommendations are adopted,
the new entity could participate in the proceedings only to the extent of
presenting testimony and other comments from a privacy protection point
of view. 


PRESENTATION OF THE COMMISSION’S FINDINGS 


The strongest argument for the need to keep attention focussed on the
issue of personal privacy in record keeping is in the facts of record keeping 
themselves. The facts and the specific recommendations the Commission
makes on the basis of its analysis of them are presented in the chapters that
follow. 

Chapter 2 examines the record-keeping policies and practices of credit 
grantors and the organizations whose records they use to establish and 
control their consumer-credit relationships. Consumer credit is an area in 
which new services and new record-keeping methods have dramatically 
changed the primary record-keeping relationship. As the chapter points out, 
personal interaction in consumer-credit transactions has declined markedly 
in the last several decades, making recorded information the paramount 
factor in establishing and maintaining the consumer-credit relationship.
Chapter 2 ends with a note on the practices of commercial-reporting firms 
and the Commission’s recommendations with respect to the records they 
maintain about individuals. 

Chapter 3 explains why the record-keeping policies and practices of 
depository institutions (mainly commercial banks and savings and loan 
associations) are beginning to pattern themselves on those of credit grantors. 
Chapter 3 includes the Commission’s analysis of the impact of electronic 
funds transfer systems on personal privacy, an impact with potentially 
profound significance. 

Chapter 4 explores the creation and use of mailing lists. It shows that, 
contrary to popular belief, names and addresses do not get transferred from 
one mailing list to another in ways that disclose confidential information 
about individuals, but that impending changes in the way mailing lists are 
developed will make it easier for that to happen. 

Chapter 5 examines record-keeping in the insurance relationship, an 
area that has been little explored from a privacy protection standpoint. In 
contrast to the credit and depository relationships, the insurance relation- 
ship may depend in part on information about individuals developed from 
interviews with neighbors and associates. This difference introduces a 
special set of privacy protection issues which are also present to some extent 
in the private-sector employee-employer relationship examined in Chapter 
6.

Chapter 7 assesses the growing demand on medical-care providers for 
information in the records they maintain on individual patients. The use of 
medical-record information to make nonmedical decisions about individu- 
als is explored in the chapters on insurance and employment, but Chapter 7 
is where it is brought into focus. The crux of the problem is that individuals 
are asked to authorize the disclosure of medical-record information about 
themselves for a variety of purposes, but usually have no way of finding out 
what is in their medical records and thus must decide to authorize without a 
proper basis for estimating the consequences such disclosures may have for 
them. 

Chapter 8 examines investigative-reporting services in the private 
sector, weaving threads from earlier chapters into an analysis of why the 
Commission believes sweeping changes are needed in the record-keeping 
practices of these firms.

Chapter 9 begins the transition from the private to the public sector. It 
concentrates on threats to personal privacy that stem from two main
sources: changes in the way individuals go about their day-to-day business
and the tendency of government in recent years to rewrite the rules of the
game without letting the other players know. It argues that to wait on the
courts to create adequate protections for the individual is to adopt a policy 
of uncertain outcome and recommends legislation to right the balance 
between individual liberty and social order that the increase in government’s 
demands for access to records about individuals has upset. 

Chapters 10 and 11 address two areas—education, and public
assistance and social services—in which both the Federal government and 
the States have a policy interest. The past decade has seen important 
initiatives to safeguard personal privacy from obvious record-keeping 
abuses in both areas. These two chapters evaluate those initiatives in terms 
of current conditions and emerging trends. Chapter 12 summarizes the 
State’s role in protecting personal privacy as it emerges from the Commis- 
sion’s recommendations in all of the preceding chapters. 

With Chapter 13, the report turns to the record-keeping practices of 
Federal government agencies. The Commission decided early in its inquiry 
that it could not recommend whether the principles and requirements of the 
Privacy Act should be extended to organizations outside the Federal 
government without first assessing the Privacy Act’s effectiveness in the one 
area where its principles and requirements have been applied. Chapter 13 
reports the results of the assessment and suggests a strategy for amending 
the Privacy Act as it applies to Federal agencies. 

Chapter 14 on the Federal taxpayer relationship responds to a 
directive from the Congress that the Commission examine and make 
recommendations with respect to Internal Revenue Service disclosures of 
information about taxpayers. The Commission issued an interim report on 
the topic in June of 1976, just prior to passage of the 1976 Tax Reform Act. 
Chapter 14 compares the pertinent provisions of the 1976 legislation with 
the recommendations the Commission made at that time, and covers several 
related issues that were not addressed in the interim report. 

Chapter 15 contributes to the continuing debate over the level of 
protection that should be afforded records about individuals that are 
intended to be used for research and statistics.

Chapter 16 on the Social Security Number and other assigned 
identifiers punctuates the Commission’s findings and recommendations. 
While its principal conclusion is that the core problem is the lack of policy 
on the disclosures record-keeping organizations may make of a record about 
an individual, it recommends that government take no action that would 
encourage the drift toward using the SSN or anything else as a standard, 
universal identifier until such policy has been developed and made effective. 




